Malware Analysis Report

2025-08-10 14:27

Sample ID 241030-awcbrssgnd
Target Roblox.zip
SHA256 d390cedf4222277eccbc02514a5d9a47c67379d14bc1d67ee95b096addce601f
Tags
asyncrat default discovery persistence privilege_escalation rat
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

d390cedf4222277eccbc02514a5d9a47c67379d14bc1d67ee95b096addce601f

Threat Level: Known bad

The file Roblox.zip was found to be: Known bad.

Malicious Activity Summary

asyncrat default discovery persistence privilege_escalation rat

Asyncrat family

AsyncRat

Async RAT payload

Executes dropped EXE

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Event Triggered Execution: Accessibility Features

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 00:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 00:33

Reported

2024-10-30 00:52

Platform

win10ltsc2021-20241023-en

Max time kernel

1132s

Max time network

1077s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Roblox.zip"

Signatures

AsyncRat

rat asyncrat

Asyncrat family

asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO40593EC7\Roblox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4053A248\Roblox.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A

Browser Information Discovery

discovery

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO40593EC7\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO4053A248\Roblox.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A (4 identical rows)
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A (4 identical rows)
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A (4 identical rows)

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\perfmon.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\perfmon.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747224816990582" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings C:\Windows\helppane.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A (2 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (48 identical rows)
N/A N/A C:\Windows\System32\perfmon.exe N/A (14 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\System32\perfmon.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (3 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A (4 identical rows)
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO40593EC7\Roblox.exe N/A (2 identical rows)
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A (3 identical rows)
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A (3 identical rows)
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A (3 identical rows)
Token: SeDebugPrivilege N/A C:\Windows\System32\perfmon.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\perfmon.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\perfmon.exe N/A
Token: 33 N/A C:\Windows\System32\perfmon.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\perfmon.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A (3 identical rows)
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A (3 identical rows)
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (18 identical rows)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (18 identical rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A (6 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (58 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A (64 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1284 wrote to memory of 3028 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO40593EC7\Roblox.exe (3 identical rows)
PID 1284 wrote to memory of 1960 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4053A248\Roblox.exe (3 identical rows)
PID 4420 wrote to memory of 1976 N/A C:\Windows\system32\taskmgr.exe C:\Windows\system32\resmon.exe (2 identical rows)
PID 1976 wrote to memory of 4908 N/A C:\Windows\system32\resmon.exe C:\Windows\System32\perfmon.exe (2 identical rows)
PID 1940 wrote to memory of 3876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 1940 wrote to memory of 4788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 1940 wrote to memory of 1440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 1940 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (20 identical rows)

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Roblox.zip"

C:\Users\Admin\AppData\Local\Temp\7zO40593EC7\Roblox.exe

"C:\Users\Admin\AppData\Local\Temp\7zO40593EC7\Roblox.exe"

C:\Users\Admin\AppData\Local\Temp\7zO4053A248\Roblox.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4053A248\Roblox.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\system32\resmon.exe

"C:\Windows\system32\resmon.exe"

C:\Windows\System32\perfmon.exe

"C:\Windows\System32\perfmon.exe" /res

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\helppane.exe

C:\Windows\helppane.exe -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffdeb4acc40,0x7ffdeb4acc4c,0x7ffdeb4acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2372 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2448 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3700,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3152,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4988 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5152 /prefetch:8

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5296 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3208,i,6946688323578673768,9382679123566886449,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5076 /prefetch:8

C:\Windows\system32\sethc.exe

sethc.exe 211

C:\Windows\system32\EaseOfAccessDialog.exe

"C:\Windows\system32\EaseOfAccessDialog.exe" 211

C:\Windows\system32\sethc.exe

sethc.exe 211

C:\Windows\system32\EaseOfAccessDialog.exe

"C:\Windows\system32\EaseOfAccessDialog.exe" 211

C:\Windows\System32\ATBroker.exe

C:\Windows\System32\ATBroker.exe /start osk

C:\Windows\System32\osk.exe

"C:\Windows\System32\osk.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:8808 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.242.104:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
N/A 127.0.0.1:8808 tcp
US 8.8.8.8:53 1.0.127.10.in-addr.arpa udp
N/A 127.0.0.1:7707 tcp
US 8.8.8.8:53 252.0.0.224.in-addr.arpa udp
US 8.8.8.8:53 3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:7707 tcp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 172.217.169.42:443 ogads-pa.googleapis.com udp
GB 172.217.169.42:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
N/A 127.0.0.1:7707 tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:8808 tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 2.18.27.82:443 www.bing.com tcp
GB 23.62.195.195:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 82.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 195.195.62.23.in-addr.arpa udp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 2.18.27.82:443 www.bing.com tcp
GB 23.62.195.195:443 cxcs.microsoft.net tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.242.104:443 checkappexec.microsoft.com tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
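Two things in the tables above are worth pulling out mechanically rather than by eye. First, every loopback connection goes to port 6606, 7707 or 8808, which is the port list an unmodified AsyncRAT build ships with (the report's "default" tag); because the configured host is 127.0.0.1, no external C2 was ever contacted, and the remaining external hosts (google.com, googleapis.com, microsoft.com, microsoft.net, bing.com) plus the in-addr.arpa / ip6.arpa lookups are Chrome, Windows and sandbox reverse-DNS noise. Second, both Roblox.exe launches in the process list run from %TEMP%\7zO<hex>\, the folder 7-Zip File Manager extracts a double-clicked archive member into, which is what "Executes dropped EXE" is keyed on here. The script below is an added example, not output of the sandbox or code from the report: it parses rows in the report's own format, flags the default-port triplet, separates analysis noise from anything still unexplained, and picks out executables run straight out of the archive. The sample rows are copied from the tables above; the allow-list of benign suffixes and the CONSTRUCTED_C2_ROW (a TEST-NET-3 address) are my own assumptions.

```python
"""Triage helpers for this report's Network and Processes tables (added example)."""
import re
from collections import Counter

# Ports an unmodified AsyncRAT builder config lists; all three together = default build.
ASYNCRAT_DEFAULT_PORTS = {6606, 7707, 8808}

# Assumption: hosts Windows and Chrome contact on their own inside the sandbox.
SANDBOX_NOISE_SUFFIXES = ("google.com", "googleapis.com",
                          "microsoft.com", "microsoft.net", "bing.com")

# Row shape of the Network table: "<country> <ip>:<port> [<domain>] <proto>"
ROW_RE = re.compile(r"^(?P<country>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
                    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$")

# 7-Zip File Manager's open-from-archive folder: %TEMP%\7zO<8 hex>\<member>.exe
ARCHIVE_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\7zO[0-9A-F]{8}\\[^\\]+\.exe$",
                             re.IGNORECASE)

REPORT_ROWS = """
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.242.104:443 checkappexec.microsoft.com tcp
N/A 127.0.0.1:7707 tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.42:443 ogads-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
GB 2.18.27.82:443 www.bing.com tcp
GB 23.62.195.195:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
""".strip().splitlines()

CONSTRUCTED_C2_ROW = "N/A 203.0.113.7:6606 tcp"  # constructed; not in the report

PROCESS_ROWS = r'''
"C:\Users\Admin\AppData\Local\Temp\7zO40593EC7\Roblox.exe"
"C:\Users\Admin\AppData\Local\Temp\7zO4053A248\Roblox.exe"
"C:\Windows\system32\taskmgr.exe" /0
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
sethc.exe 211
C:\Windows\System32\ATBroker.exe /start osk
'''.strip().splitlines()


def parse_row(line):
    """Return a Network table row as a dict, or None for a non-row line (e.g. the header)."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["port"] = int(row["port"])
    return row


def is_sandbox_noise(host):
    return any(host == s or host.endswith("." + s) for s in SANDBOX_NOISE_SUFFIXES)


def triage_network(lines):
    rows = [r for r in map(parse_row, lines) if r]
    tcp_ports = Counter(r["port"] for r in rows if r["proto"] == "tcp")
    # Reverse lookups of the sandbox's own peers are analysis noise, not sample behaviour.
    ptr_lookups = sum(1 for r in rows if r["domain"]
                      and r["domain"].endswith((".in-addr.arpa", ".ip6.arpa")))
    # Real connections only: drop DNS queries, mDNS multicast and loopback.
    external = sorted({r["domain"] or r["ip"] for r in rows
                       if r["port"] != 53 and not r["ip"].startswith(("127.", "224."))})
    return {
        "asyncrat_default_ports_seen": sorted(p for p in tcp_ports if p in ASYNCRAT_DEFAULT_PORTS),
        "default_config": ASYNCRAT_DEFAULT_PORTS <= set(tcp_ports),
        "loopback_attempts": sum(1 for r in rows if r["ip"].startswith("127.")),
        "ptr_lookups": ptr_lookups,
        "external_hosts": external,
        "unexplained_hosts": [h for h in external if not is_sandbox_noise(h)],
    }


def image_path(command_line):
    """First token of a command line, honouring a quoted image path."""
    c = command_line.strip()
    if c.startswith('"'):
        return c[1:c.index('"', 1)]
    return c.split(" ", 1)[0]


def executed_from_archive(command_lines):
    """Image paths launched from 7-Zip's open-from-archive temp folder."""
    paths = [image_path(c) for c in command_lines if c.strip()]
    return [p for p in paths if ARCHIVE_TEMP_RE.search(p)]


if __name__ == "__main__":
    print(triage_network(REPORT_ROWS))
    print(triage_network(REPORT_ROWS + [CONSTRUCTED_C2_ROW])["unexplained_hosts"])
    print(executed_from_archive(PROCESS_ROWS))
```

On the report's rows the verdict is "default config, four loopback beacon attempts, nothing unexplained"; appending the constructed row shows how a real external C2 on one of the same ports would surface in unexplained_hosts. The allow-list is deliberately short: anything not on it is meant to be looked at, not silently dropped.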

Files

C:\Users\Admin\AppData\Local\Temp\7zO40593EC7\Roblox.exe

MD5 4068c787e0957ef2bcace223b329e350
SHA1 64953413198c9e73d3cb2dee812bf80a359c4d60
SHA256 0fe742209ac27e9da3613b6a5a6007f45c9ffbf4f71583752cdf0fa9a70c7780
SHA512 f3794b639c45becfae73f3c3e3fe5e722f1b36d904b95bbfde3b7d89b091f457ed6487ed38e650870391fca00c4fc08dd0389092e508d3f759e7cfd60493c849

memory/3028-15-0x0000000074C8E000-0x0000000074C8F000-memory.dmp

memory/3028-16-0x0000000000090000-0x00000000000B6000-memory.dmp

memory/3028-17-0x0000000074C80000-0x0000000075431000-memory.dmp

memory/3028-18-0x0000000004A40000-0x0000000004AA6000-memory.dmp

memory/3028-19-0x0000000004EC0000-0x0000000004F5C000-memory.dmp

memory/3028-35-0x0000000074C8E000-0x0000000074C8F000-memory.dmp

memory/3028-37-0x0000000074C80000-0x0000000075431000-memory.dmp

memory/4420-41-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-42-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-40-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-50-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-52-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-51-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-49-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-48-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-47-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

memory/4420-46-0x000002D8D4C90000-0x000002D8D4C91000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 6bd369f7c74a28194c991ed1404da30f
SHA1 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643
SHA256 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d
SHA512 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 d2fb266b97caff2086bf0fa74eddb6b2
SHA1 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d
SHA256 b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a
SHA512 c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/4944-81-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

memory/4944-80-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

memory/4944-79-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

memory/4944-78-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

memory/4944-77-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

memory/4944-76-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

memory/4944-73-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

memory/4944-72-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

memory/4944-71-0x000001D2C24B0000-0x000001D2C24B1000-memory.dmp

\??\pipe\crashpad_1940_IIUVOCNTIAMNJJVS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\36e70ff2-3ad3-4e3b-9a30-9099b8069bce.tmp

MD5 542d4bd9429642494ea07d8bd476551d
SHA1 a307bb97d70829a0fdb50377628defe745731b8b
SHA256 1bf211377dca4085b794ee60fb4d0ad3500cb733a6ec0afb336095873c93ad19
SHA512 01f3d95abc9a35b9674bb8703a77cb0e2b69afc9be5398ab1f8a3f7b03d5337a7e7e30cf1d9ea012a959e47abcadccef68af417020751f99d84fe120151c331c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b7b6c484be02c6295754561e706d3ec5
SHA1 f1d4765850ef73ceda097bae084b5ee14c0cb0bb
SHA256 1d5dc39360e13a6ed7b4bfcb247463cbc52c342adbf26e11b10f5ab69e2748eb
SHA512 d90435e59ba254ee5efc6eb7d7e8901de4400da2856522f98a2c6ad94698cf1a5ff5ece351e1cd98f122bd7ed871a5061329117eda0e76c5c472c44daab3430c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4fb691f6f47d1087807cecb668d3c44e
SHA1 9afc3706eac03a79736561a121575d024fab2b6c
SHA256 a20337dd743456edadef61213cbfdc5eaf1c2021ca875b7bc4f3b20145805233
SHA512 dfe18ca06bb1ef27257728bbbcf88c9842a5fcd0d50e68dcb6654d9d72f15ec523701c25b4d6d738f84148df5888eed138988e720640ebb6639082ceb657e0d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 df6f51590aad5e7a295136d7f9a68f1b
SHA1 0f354799e54a369a1dbb4081a705c378a07950d6
SHA256 ab84a4476249622618e6fe36d1de3afd77071959760dd6a918f4c1e194674b5d
SHA512 c67cc5323078ad344c517cc2d5005cffe8d3573af704a898e66c090c65ff14c62aed9eae4f5459e169544fe37a5a423ef15a7da480d1d9f96afb7362eb5cc1b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 afab729a0abda0b9f558ed7078598047
SHA1 0b368c19721db7effdea36b1d9bb5467e04f169c
SHA256 8e2442c2e55f784a00188cb0e58b109821531131478443b66b1c04d3fec97bde
SHA512 8d1eba224033fd6976aff28d605d2b7e402c431f7e8aa390114bd66a7862fe71c0d7c52b99a1fccf5997b812ca239a0309c3958dbba0bdb8f4e5d35d962c0b37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65573326d65ca2fb83b837961a93e24a
SHA1 7386f53de3a185935add9992d97b7c92c143e6b9
SHA256 7455ec06907337eef3ca8535380b44f906fbd0f45af87380f43e0d1a53203df7
SHA512 944db17016ca0dc4f34d74177e3a85883004c22a1dc57227af835870fb1553b200ad506d14b6d552305aa1a09ed7fe1d4de3816eed641a5adcad782dd7a70c26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 58ca1d40a89d312e2cf295a0634b0f01
SHA1 af0ce81e2971dec5627c2b2120bfe505969abcbd
SHA256 014641178a4bf59ed834d17d0ae6d517323803f96f0fb285fa926aa5a490b192
SHA512 ac81f3bc6bbe4ea2749af44c563978fc350456ca3de14b2422213b7f9433e8e2c32ee5ec196f16c49454e640e9d9942338e2ec0a893530933b29d94b92255e62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e36b61173ba40dff0242553bdf604d10
SHA1 9bde7c467beac59686e0b18d24f734668c21c430
SHA256 0204530478f254397aa8ebec5dc9a99d9299d1b4d1145e805fc2f50a03bccd6e
SHA512 5e5103c89a1be262df2edd4763a236d36b2c15817282b483c09671ec055e2fa4a52f5e80c3c01ab820931b9b0221974a185cb84774609840f96d2783540c08ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c75ec7dfe3374fae1e7bb86ca6d2434
SHA1 aae74c68296426825fe27d2f53b51e6c274d027f
SHA256 74acdbd5df7f7413f06a7a18d22958ff05e1118803f9c3738d2f730dd59ecdde
SHA512 9f6f8c42f9e0f384c179f04268aa2b4af07235c3a888509374915c19592ab1011c981ec89a8720f27622f968d57b1a5572c88129f95643a023b48b862dd38f7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 532af0cb4bd5b64cfdbf54b942a809bb
SHA1 0d46bf70c47f552c20c003cd1a0c7f0b8c1b74de
SHA256 a93103ce399640ceff54f507cbf312b6b4184aa19fefe7a93694049acc8e07ce
SHA512 be0af25e5e90221757a7f2656d96c30a8bfed0d0762fb06ad81459bb5db9ac3afaec2f64d209855693b0028aa7a5c8c61bc5fb99815d83c41924e88e572df6d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e98cbaaeda21245caf399998cc50b2f
SHA1 34951d8dcdac85baf9dc21398577afca9405fd8c
SHA256 635a1236e4c131b28ac87e69afb5d97ecbc2da7d3268eb76ba05f505ddbd3023
SHA512 08ca8923ec986de7d6f44b6a902c3c930fe53a4bb4c368e7482b71b11df09624698238d8435d7847f425368f15a627461dff7f678c32f9db9291e02672f04f58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81c9df44dad4a93b5e4436f555314f8e
SHA1 f27163810967204317405c08c60addce39a46668
SHA256 d4b9a7a8b521ada8d9c2c0aaa60fc2575db95df46e79857771e9695df286db9f
SHA512 e9e41f837cf72373597237a15c5551665633250937bcfc215c5b24ffc186823d56e899502dc1ced1f63fd07330f978574862b3f9f5a023a2bc7a8365f52a531d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e2183190d6264038b7e33f8a31e4249
SHA1 f0f371b9048646a601f48a05c19f16cb643e8476
SHA256 1196b27e5bbef9383e882e63fa8448b9f90abeffe088a6c43749d25c9f4f780a
SHA512 fb01f792f5f37048b785a83fa38dfcef2f18e54fcf4f3c9e16cb7ad86c4f20152e10e957ac64c3480141563c7038730b9f9c936397e58db3af85082280c40583

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b0be39b391c2a9427cab6b33d07b0b7
SHA1 6b5ddad9c8b9cacd030e1c6259c03cd6574026d0
SHA256 b60d852dfbeb46de76235834c82878a706f486cbe1422903b84c150eb1b825fc
SHA512 300b469516642d83992de3b6fe46cb76a452bcd594b701fec6be9e980d37e2e35c40d6a37e5feee6569f1439a64f96a2afcd6863b618f23ffc65381371add116

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 884cac6eee18d90b98d64e6adf4c2d00
SHA1 1447a5c8246f5ed092e54c54ba19cca495328845
SHA256 3ff250513fd12f0dd7638071b4ef9cd587f920344ddecb9df5bb3c55ed7a1545
SHA512 f6055a14628d59bf12f174d3f290009e0d5ccfdcd6e44c63d177fbd47169022b3d30600517287664e792f6ae18cd96c0d9c7b448671c1608202d0c3b063ad480

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 447933717ef3a3e3c7dfd81348a2efdb
SHA1 3bc106a761b84a0f7a51a5ce4d2beb72a240378e
SHA256 42667af982f5ff79136e0e609527eb4260604f66baff073b369c4f3bca15640c
SHA512 45df487a18edbcfb16e23e882f664789a6de6787634a775d998b77427151cebd57debad20a5fdc6aa4c2763ccef5e3c4f28e1706a7367344a399eedd29c0b24e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d371cbcb5263a74ce76d5a369eecc8d0
SHA1 757cc134c9aeee582279873b0eb2bfce943bea32
SHA256 9b50fae8a87da171189c1356a64730586e4de2cc5d61cd333ac7b0e4dfa3e905
SHA512 e60b4dabb7f156924b60903a2779569f5d13ffce550fd7e7ca16bfce35f9a391dad1263fd3eb79665301b0a12a89602bfb0f3f8ffe7aeb0289482013ace84a26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf109a9d2dea4bf49238690c3cd91342
SHA1 cf8c7a3504f351d66b1e343007fad90db3deabba
SHA256 ec13530b293e3a4eddbd0938a7fd20a841474117132d7560fa69329a1adaf048
SHA512 366aced0990b70f368cb63aa4f94e73094a9c9c9f4f8783002f875bac5922ab3fe834591a5d719f77fee271deccd631b30241cb25568505100595069a25a17d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a559b1ea42441cb8db70304ed74bc01
SHA1 bedecd6c2aff08afce0c280a1dd33d0cae500f29
SHA256 46bfd120f38bef150e972ec597ee1aa8267c290aa21f8d0bd173b4512480f70a
SHA512 0337f3d947a5599a26649fdcac2f98bb4ab3bb25ea806459716751553e4a6d2a7403aec22e8c62bde52a152f741533df6036c4307905f040b5173f731666ca8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 17f385338768ab9bd107caa36f50b4f4
SHA1 8ac2c8382f44206b5e59a3489ded2960dc5e5d0d
SHA256 bab952bcfdc4cbac1e649ac5e2e144d5290aba631477dccae52f688ef5cdf6c6
SHA512 72d90e78deaa211442e608a3fa5bc22c846098fe44acde6b91b573553bb991d292590d1bdd494347c9996264480cbc3af92bef2463a27afe93592d3d4bb2c20a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8c9357d51a0115bd7d6c29866195276
SHA1 526d602f845789ef20348c38b0e03372f308f3b5
SHA256 7f9aad69a6b6ee65a84dfcf87424aac7800fe842f9623610531d1642be48097c
SHA512 8e5a1311a74fcf8fe32eca614d13c90b655d4c2caeaf0944bff3371657f2f1834124bfc821556f44df0ed9e43acdde0f65877f6903841c6c43278e0f5bfd83b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b9d3b1919826745e15b77a645da59f7f
SHA1 21c7d70100baafc92161b436c704ec2e7be983f8
SHA256 303e0ad523cbf6c17a2a87647e7e7827d408c4513dc61f944c07638d3f68418d
SHA512 03b6ef30fd79f6048648aeb103057cc8c62b098c7ab8b974dafe0adba0db1f266d3a734771c34d1ba78cf2d716b2f6553563000990557683775f9a7648529a11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 600a1ad11bb97f7abb027b642b467d3a
SHA1 826e972795e39f5e2accbef49e7a7821821f5e14
SHA256 7e211eaae4c3a3f34e636589670f2416ff95390d7198cb1917a3d15eb252d5c3
SHA512 63a906d91b665a6e3279390654ccf73784236445dce294bc94d660e9aecf47a2f2eb920a15070ff029975a60cb6a47f91457e876b8c29864f7fb82614a757765

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a750108d1e0c16071472ca1556143c2a
SHA1 aeb1c6b11d43ebddf03905da7d00c3ceda20573e
SHA256 74450f3c5a00178de09b117ee08e3f515ed72bc42b1f2fd304bbe48249557e28
SHA512 3ab04ca3512dbf9371854bcc7919a1a4b01ac023b095f2fd35d1e6594e97714a23e9b73fa9fd83df111dc2f578b6e62537746707eadb0f677d3f5449b4430490

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7da954c2016ad4afb60b08d3aaca5ddb
SHA1 f23e0ac2d158e88b9ffb35dd039c6050b8c3ac18
SHA256 08d043a43d3cf4ca36ba8d3f3e60e01684a1006c3331aaa35770ad5741cb51ef
SHA512 5b9e7aa7cc258119b1662dc076a7634f9063896227a5c71b3c34426494a86744677bcf807b4f20c45a47afe43a759a555c7b656956fedcf50572a5089e517f1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ff8e98abeb058cdb09ef4c8b0531899d
SHA1 87d345a030d745e48a74058e59c070a2d9270f4a
SHA256 1444182c261c265bd657dcf4c5badf30386d03a8fbd37643917f99c79a5a330a
SHA512 e2dc3f5e16468affeac05f266102668831d0a2e9020017aa81d8421db744e58ef43d64b69673cd02c9929e3e1bc9ce913d7c7b834711e8caf075d980021f0b06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1fc1b1eee007676b48ad3815509005f2
SHA1 266651a6a45814bfa713a9afe4ad9ab2666b6afa
SHA256 9b46066817eefd65d5de8c08d4ba6e9b0fa2a8abcfb68ed40389367caa548447
SHA512 4c6022006b16113814837a4d3463d5f60240a75bfbf7517e299c680f0d006bb09c0b68d2bd8c6092ad2c3471177f681839cc2cb1ef56423307bd95aedc7084a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7ef01f679aacfbd0ce6a007cd22d3f42
SHA1 52221e41be900cb9035fed0b33d488f0b7b4eeab
SHA256 45c8e83f83473785dd89822866f4079538cd8b5658b386f274d6b5ca353676a2
SHA512 c09eeb15820a332ed09565739c6e916e6dbfcedc313b2c6694c572dbedc60c24f48bf65bb6c5155562fe1908c1709adbbe6a7a634a30861e77d6955c308d736c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6306e12924e49789f4fd00a1357debb0
SHA1 3c0b2180d2e37c63daa92d25735ecd2fae3df11d
SHA256 c8faaa5a1f250550b3a6a4dc623914985c40e8c24cca6e438d558a2f557457cc
SHA512 f53c7ca504ab39b4aef3a7503e02cac279ad70eb29bf9df4586443d3dbefbe538d9a25ac0b4ecd84fbd709cf1787f06b185b8b940504f2f5d71bda434ed7a413

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 024a11055ef166900ad382e8fb01c717
SHA1 ed7d27810c45d47c3c5ab1e9d677ea0d3f58b5fe
SHA256 2aac5c1bfef961dd25115027bc2a2e2602cd65c316347b75f302ff7597f985b4
SHA512 9fa9fdbe97be63145e2105eb1e6316748802220013f329067e275f7759d9d74cd45a6ced503140e70f224441859dfa2f6a63442f5839d4431d0ed05ebab46864

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3f232cf0be579c41831880aaa9aebc5
SHA1 90be5a6338ae6fb38c3373b3716f1882bbad46a0
SHA256 ace201d21475281ed80a847365f069889b042c3bc0b27986cf2bf4153c69598a
SHA512 b2fd24541c08979397619b3c92c5de3dc91e9eb11fbc0b9a81fa2495e596326ba0d502ad6f9e504183f6457c3477a612953cdb6570ddc956dc3a55db06813e35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b45bad6614fa1222f2986d12dc628c89
SHA1 9a22fd8f3e359516de9c616abc8d10b57e5ca722
SHA256 d2f47ba928d02a55d778f78d92a23509940b16124837dc7bae15da733928c2b5
SHA512 93243a66fb85b1c57cd69e25bed21ec56f75efccdc0ebc5272b3ee89964d0a3c12e0e636e691e2b693fd1636b8b9be933cbcd64e3a26d73efe351e78fb0e8281

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 35bb8c02ae072a127eef050483ddc95a
SHA1 c35eff8cd62eada26f0719ba247d1494f8f95363
SHA256 a8e5d6ae78eff12e487069d9a81762992bd27f434a929d85d20551a489debc26
SHA512 8d7e57044225980849f5e5a4efad8ad33d4482c723fbdc493d05ef7d123fbcf3a5beb163ace92ba1850a1e8d67d7e8022d91e5082cb2a27aebfe896b56be6c19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6b013328a0b5ab8e74034ba84d2421a
SHA1 e43c91f7abc0c62acddbedd7adfdb176488b29eb
SHA256 f15ea46393a8e684ba7bf94c5028fe272dd60b425042f6abfd67f41ffe5670df
SHA512 422d5affe7f93fbbf1a8b43413bd596a84df8a830e2fbe09088d9b2bd072dfc133aac6c4f492a9872cc17f401f9e25c4bbac3260de01c31d555b3d4f6300fed9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e5a41b2ed1add8a4af2d4985f3158cbc
SHA1 44a599e75d02a08281e122c88ebdc1bed5e92f12
SHA256 78a64aa01e531fb44fb34d38bc74cfea7ccf459f4fba3f6977add9d5f906510a
SHA512 98f63c555706a0425922f8ed1ef8965c4e19b4cc60b2a188bc6e646b5598e02b048bf1dcf852557e04b71f2a48b119bd1d6d122eb3ed971a37bbfe4d8637d7b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 95937fffa3067b47c8e199b1b53c1a5c
SHA1 67ff1b19a21e71d6a0f57f6beda52a58d619d10b
SHA256 afa93ef6216defd6b9772debf7c655f2be92cf0c99e34299b370eaff8141cc9f
SHA512 829f99642cbaaefa574bfce233e2fedbf2e50794950fed90cc0f2a605d44648ad1bf3769425c6a5d3dedf1d3de848bbcf29e35f12593d807364fbd686eedf9c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3f0b2bfdb171f08623c1c879ea7d2bec
SHA1 4e4a298f827fe83c8eae61ca232fba834f17ad3c
SHA256 e1a4d8f671dfae18118c31ed5f78847a836d89d8f41002ff601aac17a9ed5bf4
SHA512 81478b041acdab0a22fa7df37c6eeb4567e65bc815b34540faf04d757d9a87ba54f2a0c848078f034f62e7d5dfe5c26b77a924a5d91dd8f785b5a984c8610b0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf8ababf8588d70a9d389299d67958fb
SHA1 a31ef9909ec887c50af820c510627b2308498996
SHA256 48eb1b4c3bcb876cb7990a79e811bd7d8be10459b418160d5cfc5d05ae2e2319
SHA512 447e66f1a12538f39b49dd19f8933ee5cfba46dd8d33ed6167a20e5053076fef31f751c0512fa8287ed83999278f8799e58dcab12fb4f60bfedf3d5829de51a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3bcc4168c96c936f2d251b71c536dea1
SHA1 2d3cef295a8eab10f02f330591f230e6c79ba1f0