Malware Analysis Report

2025-08-10 14:19

Sample ID 241003-xemsha1bkl
Target RobloxStudioBeta.exe
SHA256 9463c02624b207f4ab12a90bb3c7a9a6428d39f3be78c596e300be1bd77f7ec3
Tags
wannacry defense_evasion discovery execution impact ransomware worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9463c02624b207f4ab12a90bb3c7a9a6428d39f3be78c596e300be1bd77f7ec3

Threat Level: Known bad

The file RobloxStudioBeta.exe was found to be: Known bad.

Malicious Activity Summary

wannacry defense_evasion discovery execution impact ransomware worm

Wannacry

Deletes shadow copies

Modifies file permissions

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Browser Information Discovery

Views/modifies file attributes

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Interacts with shadow copies

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-03 18:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-03 18:46

Reported

2024-10-03 18:49

Platform

win7-20240903-en

Max time kernel

53s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe"

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vssadmin.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2712 wrote to memory of 2724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe

"C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5de9758,0x7fef5de9768,0x7fef5de9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1668 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1560 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3168 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3108 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3700 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fb27688,0x13fb27698,0x13fb276a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2752 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3468 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2864 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2436 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3088 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3128 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2420 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4204 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2024 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4448 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4156 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2320 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2060 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4840 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4084 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2728 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=3844 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2464 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=2900 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4596 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\SysWOW64\cmd.exe

cmd /c 153531727981350.bat

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected] vs

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Users\Admin\Desktop\@[email protected]

"C:\Users\Admin\Desktop\@[email protected]"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.234:443 ogads-pa.googleapis.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.187.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 216.58.204.68:443 www.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 216.58.204.78:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 sourceforge.net udp
US 104.18.37.111:443 sourceforge.net tcp
US 104.18.37.111:443 sourceforge.net tcp
US 104.18.37.111:443 sourceforge.net udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 a.fsdn.com udp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 c.sf-syn.com udp
FR 185.93.2.8:443 cdn.consentmanager.net tcp
US 104.18.33.97:443 c.sf-syn.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 j.6sc.co udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 34.117.77.79:443 ml314.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
GB 2.22.249.39:443 j.6sc.co tcp
US 172.67.41.60:443 btloader.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 34.117.77.79:443 ml314.com udp
US 8.8.8.8:53 c.6sc.co udp
US 8.8.8.8:53 ipv6.6sc.co udp
GB 2.22.249.41:443 ipv6.6sc.co tcp
US 8.8.8.8:53 b.6sc.co udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
IE 99.81.250.169:443 dpm.demdex.net tcp
US 8.8.8.8:53 a8271d53db29cfed71755debef6684eb.safeframe.googlesyndication.com udp
GB 142.250.200.33:443 a8271d53db29cfed71755debef6684eb.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.201.97:443 tpc.googlesyndication.com tcp
GB 216.58.201.97:443 tpc.googlesyndication.com udp
GB 142.250.200.33:443 a8271d53db29cfed71755debef6684eb.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.204.65:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 id.google.com udp
AU 142.250.70.163:443 id.google.com tcp
AU 142.250.70.163:443 id.google.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 142.250.200.33:443 lh5.googleusercontent.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com udp
AU 142.250.70.163:443 id.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com tcp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
DE 134.119.3.164:9001 tcp
US 154.35.175.225:443 tcp
RO 185.100.84.212:443 tcp

Files

\??\pipe\crashpad_2712_NLXTJRMXFUIYVFTO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\Cab3297.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar32C9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a3de0168d6c0a7d01bb1fd2fe8eb52b
SHA1 99f4f93352dafa421611f16a2ccd32cbf9ea8821
SHA256 a6367c4b9f8da342ea73de11f547ee2a611f08602e4ca3da2e95a530d60da921
SHA512 e8b80c8f788cac4183aea5fe696723cbd6f0bdff27373f55df996db03d6b77f897606c3b771a0aa6d6f6a07205902a1a9c541c9c82a3d2ed340c7132f87aa8da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47af485a8cbacd66d96f8d035c66afdd
SHA1 d706183741dd3d705973d5f4cd59a608ab6c48aa
SHA256 7a06e22df45b2c96434419b643ab5aeb1e5ea4eba06302cf37da8eef64439766
SHA512 fef822478e3a89e0d3ed50f3e17633e3bbe568f9ab81b799ee377e13cb02b5365a3635b32333ee2084951d5e536e590341509d6c6e0ba29cb4b29a7d8f837d67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20026dd3c91de6aff626e8806df96c46
SHA1 462d8248e910c5b273c5afa5f51b14e55c53820a
SHA256 653810782e0da3cb026511e381b164c3dfe8bde694da44b0a6fcae8ba572701f
SHA512 0af48361bf702579e86bc9c1ea0b6d9174070e13a47e404f60851bfd76e00e75728ce0248ab293c30a601d66606a1f371e445cb397c1d1c1bf7c2d9cea005ccd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab7722155b4533617f79ed6edb90d1bb
SHA1 1ef2577f7494cffba179a9268441582b7ec91877
SHA256 275dcddf549d7f68fe687b2e72eec7d50a80e6485fb9fac95d05952607fadf05
SHA512 aa9f51f9e26a2b14577c3aa65a8d576aa782b136528656a86b15197ac08bc78454a6735876045a3efa0a298f4825a041b7926035adb33b5b2edb68c38d59f16f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e0d4a865daf56ce7830b320169bd026
SHA1 d988e44adda7854cc2b268bd41067ff54f08ab97
SHA256 a8da8ab75a787616b5cee2114006c82403e8b69ee2176e9862f1900845e2efc1
SHA512 dd3213ac12d1f0f1c2b97003b5449144fd8e5048546126f93ce72ad269f54a6d159e909829ea0104bd9dfb4f880d4114b5a33c91d9beb8d03273e2ed796f2c72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73cb70879043edd9f19e26d7e8dcef8a
SHA1 c210e08131fc4e4625323bc9159c6bf5b49d9743
SHA256 d87ac3e5279bdee589e42b783289692bb476f57b76c2c2dec32fa0170660e916
SHA512 4f63a2f3ff60e07bdea542da28748ef9e9191faadb4db834adc38386180bde65a0182d76f327e41b25622c8ed982d581c32cf0f5bb536e79dd4fc60eadbf78b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e8413a8aec464afb417e9dbb6f467d1
SHA1 6281c92896b1a37133b4717514573ec39e08daac
SHA256 685b1bab17af01c8ffe013677d0abcaf5bbc5afdb9641c9cb59605c84ce09a70
SHA512 367cc58c48fab4ee2fdea4537375ff56f1ca7e8ec511ecaf4f96645080890b6ec8400ea48acd3e8207a987f32ac47aaec122d68cc7cd4ad86b2a796052128557

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 417b641796b941619542ffe6afcb0190
SHA1 152e394644f7f44e1e8bdedd6021aaaf299907ae
SHA256 c22353bd8191adb11a8d4892aa6f51ef09ac1a9ba51fc9881562aab3b16ed8e8
SHA512 e36bb79ce96f9d4cbf89f4fdf062227a1a884f1ac2bcdad99c99c6c5e3c7961c1221918616455fe62967d8beaa105a4529318d330d9b3961906b316255eee8c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9d1692f627998ba2da3ea324286fd3d
SHA1 2756938e0457fff5b52c79f345bda59e7e3fc2f0
SHA256 4cbe8cbc0ca1d3d2c8463e7ea7b8732a74eaf8ca7d4847a6880e897e10b09d7f
SHA512 adc05be160c0590bf2b61ae306331948c7e306038d210639151c524a084986b0ca7429071ce0815335a265c572f43823a9c2a83918ae956d903ea612b02d1b8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc2c17da3a9cb84c70061a62acdaeb42
SHA1 18a3d087ec822d28aa7be367a4c38df767679eb8
SHA256 ff37cbd9f0f1b059ff51e22f20603ab8fc2da9d1d53b4308dfb326df9925ce61
SHA512 95ce4d6adc015a550f699ffe1e9e18f415dc0ef552fc097fc9af71fa6603b2f7661754408447b5cdc387b8abad12fb7f8020446774c99be09ff2706ea9d770fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9288078d8a4733d13a17cfb46ac13054
SHA1 52c6e5f41a077f6074ed8d5c6588e2b812659e9d
SHA256 c164e3326e2cf4353d096426721d9d98e0f50b89bab929d1c66af6c4405e7836
SHA512 83af0fed57f5ddf594bc8e76328c7987012169617c7e461e0f41dba219116f3f33dcea4714f167140f0ffc590caacd791edfe0ce6579d3f1af28adb77c79058e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a903830fbe9cfc565fc00558ca69dde8
SHA1 70d1a188abad3ada7ac04d8c79633606b052172f
SHA256 1a02d85a70bf956a33f6e50ca052749a925f4d39e1d928537dfeedd08d574d95
SHA512 cd05de2216d578dd61735307385e6ef65d01ac4e3bc4892211f4a8bd04faaabe4a6407a7279a755e05edfc72fa14b717af0096791d685cd80eaaef686a3c70d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 c5c312a730a261e57371ec11d6fd6ebc
SHA1 9c0fa471e2457f50f60d31cc05af216a683e90bb
SHA256 c49918b49d91dacecf158cbcabd34ad27e042a5e7328aeb86e93c398176086b5
SHA512 24eaf878b58ba6728dd33775a079e1cd21ffd8ca0bce567b92f7fa8f71a53e735d5e5aae0905e88d467aaf87eee37919709dea52c3142ea2ca55fd7ee729e6c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 d21057144256bc23c6ddafbd508d3b4d
SHA1 ee7ac2f0f4aa7c75ecee7309a6e3cc85dc2d877b
SHA256 c0ebdc187e343dd9a2d0d4bb388a3c7d5cff70409487e0c5cf8caf90230131c8
SHA512 bb169d2613b18de616a601dd6b2b13458d6d165dfcedcca09102d35665019cf2aaac3f360d0d110567068bfaf4fc298310f0fe9bebd3f04f441d090d00b7d8cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b4098d68e5430428759d11c2e52da3bb
SHA1 1833fafccef0af8aaf771af6571e594bc9208df8
SHA256 2fcd7e007c59d982c4cd9b9bfa66593d3d781ab926d2107ab4eb4c23b3fcc956
SHA512 aba75d9af904551f2ec746297ee6947b85c627a34c802ebce3b4370078cc6b070eb85b44dd48c21c4cb2ffb374562d2dbaddb29443b61d9b0377d6b09f522081

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

MD5 c0bb58a52af1c3c657749681c9982766
SHA1 6e6c03f0feaafe6f48a108e1e8fb7556ec0fc611
SHA256 58fa9aa8243e0316a1b27eb3d92c4e52b9b0545468934ea3e4479f5ff150018f
SHA512 be84af420676a420de36cc019296756825f11d2c257381f7ac47d434d443548fbce736cf0bc833e41651beafabf385a27406d1e1b3e0c704403f608e0bbb4020

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 9666d74b18f57389ee2d3dee5073f71a
SHA1 1830bc2670e616a1da1af27157159e6677a5ad63
SHA256 6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae
SHA512 69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 abda4d3a17526328b95aad4cfbf82980
SHA1 f0e1d7c57c6504d2712cec813bc6fd92446ec9e8
SHA256 ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476
SHA512 91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b573e62cbff62710421bc81b0997480
SHA1 74ca9629b90802b621a0b7d21013aa0c0b4da17d
SHA256 ce821a6f6189bf6a9a65b4f79f38ed9ba37d59457c2f22b57771c835798475c5
SHA512 7a08fb10e23b7f46d0efa9b8d731dc54e24f9edcd22d76905c95982119865d77462a198c1b4d9df6364b473415ed385b3c066d52b213d382b734b595708c0a22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c30d9889f52f03199dfb182d3c594acf
SHA1 6f5764c1bd43f33a3a70d38fed79cb5077e0e253
SHA256 1cebbf680d1ce33248eef19f0a42da68b2a71965774e6761be20212188626e97
SHA512 f27ded259ca4bfad1c6e5e25a2769af9687205bfa48569d3b89ad26d4795d3d5acd175b8b8ec49906d14055dc6c825d7646145335217e8facfdf70fe113378df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5a4c0f3b1b4a882eada482abe85df2f8
SHA1 deb89ddb356099cdb27e7b2a709c5537a98354bf
SHA256 5e2e51e8230af264b1a343440075e615230ea50be28dc9cbb409f469237fb71e
SHA512 9722d8963c755133f3a1430f5f0f5f069ae90e59785ac51d70cbbae0d1b8d22b0c56151a0e6997121a4d4b8e7dd32008f6fe0fd87e99e1706a027cf99f0c10e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 363a58e6d06b79e2cdf6a7a5567abbfe
SHA1 28be6c44ef7a08b2de6e277daf38d66b5ae54c95
SHA256 4ef8cb6324500c9cce8e3cb4d7ce1819f03bc6de8ee86fc81601f1731d6299d2
SHA512 1e65496eeaab4d45571d9f0d4b63c9e8e6c8dc6d0dcd08a973b3c97f23791e4e8c9349d580b2ed790488f2f5db83989d137a9ca667f9ffa3dbc4ccfdae8c4048

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e6478d2c01141fc9161d79b917010acf
SHA1 9b61a4055464508bcf3115a2eba4f1c5c1d50c68
SHA256 22478c19834f410095986dbce31ff4a4bfef98294f06ea799d1c110dbb11fd45
SHA512 55934e8a4b50b732ee9bacf218d367ae59c45822d984f92664f97484b939605dee84ebead386465cff50047f436160dfc05092c1b3077fbc65727813c20eba2d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RFf77e08f.TMP

MD5 1c4e28723b3d862a7cc4f8c7f9963b0f
SHA1 d529b7d811bbc44e06c2c9203c811fd54b90a7ce
SHA256 4c0c458b52d8fba75db6e7b9225e61f3997b65a4b7971923276fee15cef6eabd
SHA512 d47bd9aae38199572e873961b5228e246ca08ccd4a9b8124a0263c66f3dc063abc5d3c73c5b3de713c4ddf52e34e6ae87f2958679beb51c60493ad0597f6aee7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1199ade758ba9451_0

MD5 0041e187bb78eead432f42888336c4e1
SHA1 d2bc5590f3b5371ff317884092907ab0330a2a36
SHA256 7f67bbae79c414bbb2de296dc30a9e48e2e2f8ab801f42fb351eed2745f4e99f
SHA512 2bc9c9c62a04c63111415794405c5839961e5708bda56f52d627c0751bea11184750902af8df41a7367c51fe36d8514dca8efa054d00ed15eccc74dab8506eb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\04294a9e50a9152f_0

MD5 ed8b582f31f4d14cfc5dac0116230f22
SHA1 fd378e9a40540c5cfa2d5507c7e0837f01eaac60
SHA256 73eb69d98ade8c632b60d1275f4450e458378d42864c453938e01d8d38ca7929
SHA512 80d6205971a2d50e3a27064c45b05d06ea5549f988692953f505a5e107efc5e1ffc2d83655a8ff3caab3640b131423b8f72de753077eb1d0523dbee445b71f05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\777aa18d7ac091fb_0

MD5 9315f6ba3f1c1ea6f8a731afe2e05f52
SHA1 316a3b08bca1c281f84e8946f79940fae5925a7e
SHA256 0cdb63d5f45542446eb6b2a65c2261ae13c629ab95b367408473e28cf4ac6840
SHA512 0ae5565fb1e8988db1c696e261d4beb3f625fcb079d705f52f18e35e96c9c69678c606564601b1670546c2eab96d7644ea3c0dccb15c0315b391eba0b3ff3a1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c91dea6515372629_0

MD5 7c725734ae6cc00b1215ba87b52c8aab
SHA1 dfa036b82572b471f822e11d3d1d0eff4d7fedde
SHA256 5721b31d8020a1e14b21652b5b38f414cabc1e301963c7f66119fb2624ed1b50
SHA512 98c58975a8565ed61c52a746df573a1c1642a5de923d4e50aa0aa5c75ebef59222bbef14535e301c80b67be2d0337b53b13b580b0cd8fa9a5797850948ce5adb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d14d03a731593e25cd74ad568c41f8e
SHA1 4f7f46f10495d3a7ac290e7deb20f8cac2e7d4ac
SHA256 5e5a568fb81b7795c5e43ebe8ed07fe75304b91a40b7407b5bb7c850bcd735f1
SHA512 a0d7426fea3f7a330a9479f4eef4f90e87798155e5dad1b4ad25952a475602d319a43f80582501f0b6113c240811912a9e5724d1d0512d217f0ad8d718474fb6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 ed2cffb54cd70a044117aa2538a440cf
SHA1 66d1c3a97d6728eed06fde72f1628990dd9b1a2b
SHA256 ec8c95ee427cd0d09fb3c30ad2e86285755bb3eaad12f6c1290963dd622ce153
SHA512 60702eaf453c832885db5d3f50cd2d080d3ddfd539c8b8d3d819ce86d3ea6925fbcc8fdefba51f1cad85fa85b47492107d0ea4fd453c10259780cc808e0cbe7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65c783a2500907298c074aac674acdf9
SHA1 80a00a26d8203b56f5a69b62e53f11ef80de573b
SHA256 b522da7ea82e3b7db6134c335c0d68930764a7f60c9234114485853ac8b7906b
SHA512 dcc6791b33f20bc1fe31511861a7c05d2195da0248a25b7ab8310c86d240da4abf0872985a69fcfce718d14dd71b04c08b30130a70ecdeab751aebe12beb5a40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b3ff6726be4e6f9cd288ce3099148b91
SHA1 a8675cc513737c68086d79e5bb72dd5968781153
SHA256 ddbf984c1c436df15f087979883401e5a328a874a27badfea08797a21ad77930
SHA512 3fb116cbc41f1aee5460e8950c38c7e3c361e510add2b717177c864910488c29918d1753fa5fc6dd8dfbba2cee1d37570220ebdb04138b94db5e99c1f29b72d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bca68d5fc709852b507795c229db16fd
SHA1 235f947a34d4c6b4cd9e269f351f43b9d644a4bf
SHA256 a2518903fe217548553b91641d18e1885e7e19157ea2ea18d9c94bce225bad12
SHA512 bd30186d796dda176cf8d2ed57aa8b907cee0f67a9d79a8b41cf3d1a1a453b2f5498ed5aba93188ad1cb3e1e0014208e01826035c4284cc592d8b889208dcd0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 97d715c385478328bce870a07891801a
SHA1 af09aed9bcca066123d0933b9c4f705672d3726a
SHA256 ff04f47b3cdde56ff5697fe074c6530de9bb8c6a26a8b08799165768d5d154de
SHA512 a38d4fdae7223d3f5a3ccfd5c961a2c3d19e9932b7ea9fad0f75e7c8772c2e13b57ed484299c4004582b8a5466d89dc7f901f316565d4a28714d84946c9566dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 95c8ae9f4050e70fcc3bcccd3deba21f
SHA1 0482c4a1c27e78a26e18967ba2775e07d646744c
SHA256 2f7a228e144146e7a78394d6d2fb515799fce9a7ccecac71ecac092a093b7ab5
SHA512 82b6f7f9f13e328d8e62c0557c5f12c6906a0a1697154b4fca1c46d342f1519082568087df4ade46114a1cc2592ce4c2cd15c0f8a6f007c53064a9ce0ae3c3b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2ef3f4547f9b4be6b74436fb2b9fb036
SHA1 9aafd53b1ab902ad22b1d7934d7182ecce88298d
SHA256 c0b9b646668bea527581baa78ebb3ef8a51fe84498454dd454ed26cf6b074aa7
SHA512 b62001ae7eedcc11f004d26766c7d4fd8d23fb97e6b70396ac3647314569b26486ed1c244fc2c929f6c4fa92e61dc354eff1d37c6989e605a9293f1c29113f39

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry

MD5 3788f91c694dfc48e12417ce93356b0f
SHA1 eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA256 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
SHA512 b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry

MD5 fb4e8718fea95bb7479727fde80cb424
SHA1 1088c7653cba385fe994e9ae34a6595898f20aeb
SHA256 e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
SHA512 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry

MD5 3d59bbb5553fe03a89f817819540f469
SHA1 26781d4b06ff704800b463d0f1fca3afd923a9fe
SHA256 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
SHA512 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry

MD5 4e57113a6bf6b88fdd32782a4a381274
SHA1 0fccbc91f0f94453d91670c6794f71348711061d
SHA256 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry

MD5 08b9e69b57e4c9b966664f8e1c27ab09
SHA1 2da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256 d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
SHA512 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry

MD5 fe68c2dc0d2419b38f44d83f2fcf232e
SHA1 6c6e49949957215aa2f3dfb72207d249adf36283
SHA256 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
SHA512 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry

MD5 7a8d499407c6a647c03c4471a67eaad7
SHA1 d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA256 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
SHA512 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry

MD5 2c5a3b81d5c4715b7bea01033367fcb5
SHA1 b548b45da8463e17199daafd34c23591f94e82cd
SHA256 a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry

MD5 537efeecdfa94cc421e58fd82a58ba9e
SHA1 3609456e16bc16ba447979f3aa69221290ec17d0
SHA256 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512 e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry

MD5 17194003fa70ce477326ce2f6deeb270
SHA1 e325988f68d327743926ea317abb9882f347fa73
SHA256 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512 dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry

MD5 2efc3690d67cd073a9406a25005f7cea
SHA1 52c07f98870eabace6ec370b7eb562751e8067e9
SHA256 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA512 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry

MD5 0252d45ca21c8e43c9742285c48e91ad
SHA1 5c14551d2736eef3a1c1970cc492206e531703c1
SHA256 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA512 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry

MD5 95673b0f968c0f55b32204361940d184
SHA1 81e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA256 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA512 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry

MD5 383a85eab6ecda319bfddd82416fc6c2
SHA1 2a9324e1d02c3e41582bf5370043d8afeb02ba6f
SHA256 079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21
SHA512 c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

memory/3008-1260-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\153531727981350.bat

MD5 ab68d3aceaca7f8bb94cdeabdcf54419
SHA1 5a2523f89e9e6dde58082d4f9cf3da4ccc4aae26
SHA256 3161fdccd23f68410f6d8b260d6c6b65e9dfb59ef44aef39ebb9d21e24f7c832
SHA512 a5de5e903e492a6c9bcf9fbc90b5f88a031a14fca8ee210d98507560290d399f138b521d96e411385279f47e8de6a959234a094e084c2e7e6c92c0ea57778f64

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\@[email protected]

MD5 f97d2e6f8d820dbd3b66f21137de4f09
SHA1 596799b75b5d60aa9cd45646f68e9c0bd06df252
SHA256 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a
SHA512 efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

C:\ProgramData\Microsoft\Windows\Ringtones\@[email protected]

MD5 3f0a07e26a7b3ad3afbcc9f8d9b38fc6
SHA1 7a1a5f9122246a30d92791132681a420e469d840
SHA256 e5abd001186eb616a737540c1969a0f938c3bcf872f7b10581a9b8ad802b6765
SHA512 8a281cdefe8e2ec7dfeaa35f817933033f0232692db1aaf3e2aa450ec17400950f90784254e82cdeefebfc63a59197f7aaf3f352af6cd87d46449ef6d8d12aad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d2bf47986952f23e7b6588aee9fe9ad
SHA1 fff946d4cd4830eded8125150b8bbd60b1ed8d80
SHA256 754e424083f7e1bda7362872d00cf5485db4279d1a4867ee474875f343535923
SHA512 39cf6a6439ed93e93cd68db3099ee9b1c01c89b18458278117e1fe28b0748c5fa2a3ca216c4854e89efcb5e49e0356efbaf5123883b08fb1aed1943041ebf437

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

memory/2796-2167-0x0000000074240000-0x00000000742C2000-memory.dmp

memory/2796-2168-0x0000000073FA0000-0x00000000741BC000-memory.dmp

memory/2796-2171-0x0000000000CD0000-0x0000000000FCE000-memory.dmp

memory/2796-2170-0x0000000073EE0000-0x0000000073F02000-memory.dmp

memory/2796-2169-0x0000000073F10000-0x0000000073F92000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1b8a8e6e741cb52728f1aeab5f1f9a90
SHA1 1ff88fabc23732894a479c3de41ce8adfd22e4d5
SHA256 e50725b01512c5cf27fc9966d84b69e1bfb38df9ecd40aacc3efd0ee28133b28
SHA512 9868934e4ff08a5f52f932f91bd1a231036ba2e85cbb337d6d7490dbdecfcb7e85b26d3cc7f909f606e108defa7608a1cd73a435b4526deb45beeee7f475da8f

memory/2796-2184-0x0000000074240000-0x00000000742C2000-memory.dmp

memory/2796-2183-0x0000000000CD0000-0x0000000000FCE000-memory.dmp

memory/2796-2185-0x0000000074990000-0x00000000749AC000-memory.dmp

memory/2796-2186-0x00000000741C0000-0x0000000074237000-memory.dmp

memory/2796-2189-0x0000000073EE0000-0x0000000073F02000-memory.dmp

memory/2796-2188-0x0000000073F10000-0x0000000073F92000-memory.dmp

memory/2796-2187-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-03 18:46

Reported

2024-10-03 18:49

Platform

win10v2004-20240802-en

Max time kernel

92s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe

"C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A