Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    22/02/2024, 21:20

General

  • Target

    https://github.com/topics/robux-generator-free-download

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa51f99758,0x7ffa51f99768,0x7ffa51f99778
    1⤵
      PID:4576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/robux-generator-free-download
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1064
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=312 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:2
        2⤵
          PID:3060
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:8
          2⤵
            PID:3284
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:8
            2⤵
              PID:3796
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
              2⤵
                PID:336
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                2⤵
                  PID:1468
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:8
                  2⤵
                    PID:1576
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:8
                    2⤵
                      PID:772
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4672 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                      2⤵
                        PID:1756
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4556 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                        2⤵
                          PID:1808
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5232 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                          2⤵
                            PID:4456
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4716 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                            2⤵
                              PID:3688
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:8
                              2⤵
                                PID:3300
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5860 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                2⤵
                                  PID:720
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6012 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                  2⤵
                                    PID:2960
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6020 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                    2⤵
                                      PID:3476
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5272 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                      2⤵
                                        PID:4116
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6416 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                        2⤵
                                          PID:1772
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6484 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                          2⤵
                                            PID:4836
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4656 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                            2⤵
                                              PID:884
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7264 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                              2⤵
                                                PID:2164
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6780 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                2⤵
                                                  PID:2964
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7524 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                  2⤵
                                                    PID:2296
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7616 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                    2⤵
                                                      PID:760
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7780 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                      2⤵
                                                        PID:5200
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7956 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                        2⤵
                                                          PID:5236
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6880 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                          2⤵
                                                            PID:5264
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8336 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                            2⤵
                                                              PID:5440
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8344 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                              2⤵
                                                                PID:5448
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1540 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                2⤵
                                                                  PID:5996
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8784 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:5600
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6484 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                    2⤵
                                                                      PID:5788
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9028 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:5820
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9068 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:5920
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6704 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:5992
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9292 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                            2⤵
                                                                              PID:5712
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9032 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                              2⤵
                                                                                PID:5716
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9612 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                2⤵
                                                                                  PID:4548
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9780 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                  2⤵
                                                                                    PID:6128
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9940 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                    2⤵
                                                                                      PID:6152
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10152 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                      2⤵
                                                                                        PID:6256
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10288 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                        2⤵
                                                                                          PID:6328
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9252 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                          2⤵
                                                                                            PID:6408
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10436 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                            2⤵
                                                                                              PID:6484
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10112 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                              2⤵
                                                                                                PID:6492
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10768 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:6572
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=11044 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:6832
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10916 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:6980
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10764 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:8
                                                                                                      2⤵
                                                                                                      • NTFS ADS
                                                                                                      PID:7140
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=2740 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:6936
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=1584 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:7068
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11288 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:6792
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11436 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:6788
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11272 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:7268
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11492 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:7732
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11540 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:7760
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9032 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:7768
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9832 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:7896
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9940 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:7972
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8544 --field-trial-handle=1796,i,8001100298039803033,15986874431127503830,131072 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:5876
                                                                                                                          • C:\Program Files\7-Zip\7zFM.exe
                                                                                                                            "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Robux Generator.rar"
                                                                                                                            2⤵
                                                                                                                            • NTFS ADS
                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                            PID:3148
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zOC4C73C28\Setup.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\7zOC4C73C28\Setup.exe"
                                                                                                                              3⤵
                                                                                                                              • Drops startup file
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:6284
                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
                                                                                                                                "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
                                                                                                                                4⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                PID:7932
                                                                                                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                          1⤵
                                                                                                                            PID:2136
                                                                                                                          • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                                                            "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                                                            1⤵
                                                                                                                            • Modifies registry class
                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                            PID:6996
                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                            C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                                                                            1⤵
                                                                                                                              PID:5848

                                                                                                                            Network

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                    Filesize

                                                                                                                                    40B


                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                                                                                                    Filesize

                                                                                                                                    88KB


                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                    Filesize

                                                                                                                                    2KB


                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                    Filesize

                                                                                                                                    6KB


                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                    Filesize

                                                                                                                                    1KB


                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                    Filesize

                                                                                                                                    7KB


                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                    Filesize

                                                                                                                                    6KB


                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                    Filesize

                                                                                                                                    7KB


                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                    Filesize

                                                                                                                                    6KB

                                                                                                                                    MD5

                                                                                                                                    6817cc2dbf8ad2299ff15b033f2aa452

                                                                                                                                    SHA1

                                                                                                                                    4286eb0055325b0617bb5829d916815ff78791dd

                                                                                                                                    SHA256

                                                                                                                                    308892143f6300f2338dff1412941d5d311e72ea95bc47240265b567c351bb41

                                                                                                                                    SHA512

                                                                                                                                    2f3f19226d1e8ebd5b2bd169fcfe2b96315e199f4bc50859ef189115105e91104db0ea3f5c09b569895da1132dce0d6bab6b2dced290b64594d9177916542b73

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                    Filesize

                                                                                                                                    130KB

                                                                                                                                    MD5

                                                                                                                                    72e935393013673460790acab12d95c8

                                                                                                                                    SHA1

                                                                                                                                    df75b94ba45b0ad9aaf4f4ad72371cc73bb43285

                                                                                                                                    SHA256

                                                                                                                                    0fc6f1ed5ec643681c9f854a8cfa81a000004dec386b1a400fab9813391478b8

                                                                                                                                    SHA512

                                                                                                                                    d7b94066c9e5863d4abd5e53514fc92037d245831cede38beee5518c1ac0c78a1d069353f711145347acad5c7c77e292385785f016d0ac20c08a7ec90d9e9e9c

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                    Filesize

                                                                                                                                    130KB

                                                                                                                                    MD5

                                                                                                                                    16d02ab8555805470e5a1c36f97638e5

                                                                                                                                    SHA1

                                                                                                                                    072745f683a893a5d008ba306c67a974cfad7246

                                                                                                                                    SHA256

                                                                                                                                    86a477fe061bb41a83cad589cde59e977634f7985188b1322b50f25f686a552b

                                                                                                                                    SHA512

                                                                                                                                    c9ed21f79c98846bacdceedc8f7bd3faf0008c3ec5af9abfc512ea7b78d0b3a6421bf184a8af3cc8d29384aedeeed45e363cc5403f4b139e62af28f388d6622f

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                    Filesize

                                                                                                                                    130KB

                                                                                                                                    MD5

                                                                                                                                    18d46dd41e0eea0659f8dd30e42d57eb

                                                                                                                                    SHA1

                                                                                                                                    ec816beebcc4f7ae85dd63c11a8be461c09197cd

                                                                                                                                    SHA256

                                                                                                                                    a2058867d4abfa2722304aaf86283e87ad956c36f8138eabc86894d1d0476fbc

                                                                                                                                    SHA512

                                                                                                                                    4f7cf74a40eef429e5fec312c27060245c4fafd7eff9ab8ee2814ab61d1d43f0cd8d3501549a13ef9653f8d57af8212cccc7e99b7b8d123c3a8e889065092d38

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                    Filesize

                                                                                                                                    98KB

                                                                                                                                    MD5

                                                                                                                                    c76063b208858ef6c789c4337bf34236

                                                                                                                                    SHA1

                                                                                                                                    f1992ba35240a63850615b4c37c66029bf3e16bf

                                                                                                                                    SHA256

                                                                                                                                    b8304c6a17a26e759dc6b1bb7323271c39b80e19cdab08d58906d3e2950f1d9d

                                                                                                                                    SHA512

                                                                                                                                    fc19b7040ad1c0d8744c0864fa013438369c78269da1e41ec2a7963366f7fde57b3691c826926a6d3b285b5d4a8b3e548b99bbddd88a2d60171748b2b6d4026d

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                    Filesize

                                                                                                                                    107KB

                                                                                                                                    MD5

                                                                                                                                    797a44eca7a8231a3905e7052abced81

                                                                                                                                    SHA1

                                                                                                                                    fcc8cf9304fbd869142c09536ad2f8216424a19a

                                                                                                                                    SHA256

                                                                                                                                    1ec23b55a98e559782d057662da6478e698f2fe3237bc6ec5220ee6b0c942817

                                                                                                                                    SHA512

                                                                                                                                    a522402dcc6fa541c7c7782336499534bd7fe51eb71800f3d769a7a512c45e512f46352077203a642bd71a8a0e4414d04355b216fe1eeb09f4da2db2b3c9fed9

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ea7f.TMP

                                                                                                                                    Filesize

                                                                                                                                    89KB

                                                                                                                                    MD5

                                                                                                                                    964b5e1c7b88d22151d9358504efad57

                                                                                                                                    SHA1

                                                                                                                                    e9f8e95bf24552f5d655115d2ee7b28581895b3f

                                                                                                                                    SHA256

                                                                                                                                    ce313c7c8ad8064cad3a500f60f5ef487968e421513798f6a4f8b421fb5ee0e2

                                                                                                                                    SHA512

                                                                                                                                    de600d0c334895d6ee89280e0211fdcc11e73d2e8b418f44c471252aab179d35a3750408ce5cf495e1aef2ab723924ce690533c32d22354f61f52de4c995ae8c

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                                                    Filesize

                                                                                                                                    2B

                                                                                                                                    MD5

                                                                                                                                    99914b932bd37a50b983c5e7c90ae93b

                                                                                                                                    SHA1

                                                                                                                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                                    SHA256

                                                                                                                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                                    SHA512

                                                                                                                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                                                                                    Filesize

                                                                                                                                    10KB

                                                                                                                                    MD5

                                                                                                                                    28d32a16ce87d488acc7632092f7d566

                                                                                                                                    SHA1

                                                                                                                                    325dd247e49113dd987531ffe7ca26c22ce08c31

                                                                                                                                    SHA256

                                                                                                                                    ba6d4f09117c098bd27508a14d44822f13399ebe16d5d2539ad2844157fa4907

                                                                                                                                    SHA512

                                                                                                                                    8159021f9d0e28d370faddf7fa41aa9d4bdf7a1aee71779706e43c30486526a0636568d8f90c580da543f8393f546090f71f87382f99e3e0a2b227b04670af57

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                                                                                    Filesize

                                                                                                                                    10KB

                                                                                                                                    MD5

                                                                                                                                    82678367fa4297a26727ccc84e0b2f60

                                                                                                                                    SHA1

                                                                                                                                    0c65ab90390566f7d2f5b4751b9027f6bac1d22a

                                                                                                                                    SHA256

                                                                                                                                    fbf7356b28e05edc871dda40b318b147e6d07ece028da3d67c3cfbd30bfa0f29

                                                                                                                                    SHA512

                                                                                                                                    e5474444eecac25a06fe26a22dce9aa9311740dca264de1c824a36a7bc55216f301e934667fe0b9c3c7b062694f8a37e45ecce6b3889cb33bb47ecb9bd198db5

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\7zOC4C73C28\Setup.exe

                                                                                                                                    Filesize

                                                                                                                                    727KB

                                                                                                                                    MD5

                                                                                                                                    f0b2a4746586e5ad4d4a1325c6cd0914

                                                                                                                                    SHA1

                                                                                                                                    0f88773aa73ceab16e43612af00b30f51fdcae23

                                                                                                                                    SHA256

                                                                                                                                    13a5d2dac747be8385c04ab9f60bebc16a5ad457d10d1426b9173e4ee20d41c9

                                                                                                                                    SHA512

                                                                                                                                    96effd8298bea5ab715fe0e10fdc6c59bf6cd5c59e9398c1c29f53ab9cb96957b7e0caec49a86d6c7e2623fbc0199a1d661920a9d299c19717d612b4224120ac

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\7zOC4C73C28\Setup.exe:Zone.Identifier

                                                                                                                                    Filesize

                                                                                                                                    317B

                                                                                                                                    MD5

                                                                                                                                    b3ff799a65b31e584d4540cef8b694dc

                                                                                                                                    SHA1

                                                                                                                                    c68fd401a7aee1fd525943b7111f5ade8a55c5ba

                                                                                                                                    SHA256

                                                                                                                                    8b390c801148534f158733eb259e90bfc36b393d848d5453cc7fee4a834abd74

                                                                                                                                    SHA512

                                                                                                                                    0e4bd0b7a63f1275ac38f867d88aed65eccc95dec5bc2f946039243b7b317e7e2e6e8e48fb706ac8c51f493478dbb27b048922d945224253df637eef23ef7f73

                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    MD5

                                                                                                                                    a5ce3aba68bdb438e98b1d0c70a3d95c

                                                                                                                                    SHA1

                                                                                                                                    013f5aa9057bf0b3c0c24824de9d075434501354

                                                                                                                                    SHA256

                                                                                                                                    9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a

                                                                                                                                    SHA512

                                                                                                                                    7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79

                                                                                                                                  • C:\Users\Admin\Downloads\Robux Generator.rar

                                                                                                                                    Filesize

                                                                                                                                    832KB

                                                                                                                                    MD5

                                                                                                                                    61442bc7f95927cd2e7eea3e77aa2987

                                                                                                                                    SHA1

                                                                                                                                    e3162b8cee1ec84f766c3540ee7b0d49342b9b3f

                                                                                                                                    SHA256

                                                                                                                                    4b2b7981b259f448bcb805b60985d88700ff70c57b2d5f2e426b9b52d860b0cf

                                                                                                                                    SHA512

                                                                                                                                    12bf5621990c28a474d9d10415393348e9168b6bdeb8305c1789ad92cd163cc149c55ab9fb60b14c8badf9c1074da87df9956d287ec4e710c41ba52d32c560d5

                                                                                                                                  • C:\Users\Admin\Downloads\Robux Generator.rar:Zone.Identifier

                                                                                                                                    Filesize

                                                                                                                                    26B

                                                                                                                                    MD5

                                                                                                                                    fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                    SHA1

                                                                                                                                    d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                    SHA256

                                                                                                                                    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                    SHA512

                                                                                                                                    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                  • memory/6284-718-0x0000000004E50000-0x0000000004E60000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                  • memory/6284-729-0x0000000006F20000-0x0000000006F70000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    320KB

                                                                                                                                  • memory/6284-722-0x0000000004EE0000-0x0000000004F1C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    240KB

                                                                                                                                  • memory/6284-723-0x0000000004F40000-0x0000000004F8C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    304KB

                                                                                                                                  • memory/6284-724-0x0000000005300000-0x0000000005366000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    408KB

  • memory/6284-725-0x00000000062D0000-0x0000000006876000-memory.dmp (Filesize: 5.6MB)
  • memory/6284-726-0x0000000005E00000-0x0000000005E92000-memory.dmp (Filesize: 584KB)
  • memory/6284-727-0x0000000005EA0000-0x0000000005F16000-memory.dmp (Filesize: 472KB)
  • memory/6284-728-0x0000000006120000-0x000000000613E000-memory.dmp (Filesize: 120KB)
  • memory/6284-721-0x0000000004FB0000-0x00000000050BA000-memory.dmp (Filesize: 1.0MB)
  • memory/6284-731-0x0000000008170000-0x0000000008332000-memory.dmp (Filesize: 1.8MB)
  • memory/6284-732-0x0000000008870000-0x0000000008D9C000-memory.dmp (Filesize: 5.2MB)
  • memory/6284-720-0x0000000004E80000-0x0000000004E92000-memory.dmp (Filesize: 72KB)
  • memory/6284-719-0x0000000005480000-0x0000000005A98000-memory.dmp (Filesize: 6.1MB)
  • memory/6284-717-0x0000000073E40000-0x00000000745F1000-memory.dmp (Filesize: 7.7MB)
  • memory/6284-713-0x0000000000AA0000-0x0000000000B32000-memory.dmp (Filesize: 584KB)
  • memory/6284-754-0x0000000073E40000-0x00000000745F1000-memory.dmp (Filesize: 7.7MB)
  • memory/7932-755-0x00007FFA3F990000-0x00007FFA40452000-memory.dmp (Filesize: 10.8MB)
  • memory/7932-752-0x0000000000C50000-0x0000000000C58000-memory.dmp (Filesize: 32KB)
  • memory/7932-767-0x00007FFA3F990000-0x00007FFA40452000-memory.dmp (Filesize: 10.8MB)