hxxp://rec[.]net/download

Analysis

max time kernel
2424s
max time network
2431s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31-03-2023 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://rec.net/download

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerBeta.exeRec Room Launcher.exeRec Room Launcher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	Rec Room Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	Rec Room Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 13 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeRecRoomSetup.exeRec Room Launcher.exeRec Room Launcher.exeRec Room Launcher.exeRec Room Launcher.exeRec Room Launcher.exeOculusSetup.exeOculusSetup.exe

pid	process
4712	RobloxPlayerLauncher.exe
4432	RobloxPlayerLauncher.exe
3880	RobloxPlayerLauncher.exe
3244	RobloxPlayerLauncher.exe
4488	RobloxPlayerBeta.exe
1192	RecRoomSetup.exe
388	Rec Room Launcher.exe
4944	Rec Room Launcher.exe
4996	Rec Room Launcher.exe
1136	Rec Room Launcher.exe
4300	Rec Room Launcher.exe
5480	OculusSetup.exe
4320	OculusSetup.exe

Loads dropped DLL 64 IoCs

Processes:

RecRoomSetup.exeRec Room Launcher.exeRec Room Launcher.exeRec Room Launcher.exeRec Room Launcher.exe

pid	process
1192	RecRoomSetup.exe
1192	RecRoomSetup.exe
1192	RecRoomSetup.exe
1192	RecRoomSetup.exe
1192	RecRoomSetup.exe
1192	RecRoomSetup.exe
1192	RecRoomSetup.exe
1192	RecRoomSetup.exe
1192	RecRoomSetup.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
4944	Rec Room Launcher.exe
4944	Rec Room Launcher.exe
4996	Rec Room Launcher.exe
4944	Rec Room Launcher.exe
4944	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
1136	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe
388	Rec Room Launcher.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

GamePanel.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini GamePanel.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	GamePanel.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AnimationEditor\button_loop.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\GameSettings\UncheckedBox.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\Actions\HumanoidDied.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\installReducer\BubbleChat\ChatSettings.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoactGamepad\RoactGamepad\createRefCache.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Controls\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AppCommonLib\AppCommonLib\Release\getNumericalApplicationId.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Squads\React.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\AddFriends\AddFriendsScreen\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\LuaSocialLibrariesDeps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\TerrainTools\mtrl_ground_2022.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\App.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.3.4\LuauPolyfill\Array\every.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\PrettyFormat-edcba0e9-3.2.1\PrettyFormat\plugins\lib\markup.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\roblox_rodux-presence\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\FitFrame.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\TestHelpers\createInstanceWithProps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\DeveloperFramework\button_arrow_right.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VR\Radial\SliceDisabled.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestRuntime\JestTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-24c5c11f-f6df649b\t.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Shared-07417f27-17.0.1-rc.17\Shared\ReactFeatureFlags.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\WeakMap.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Loading\TextureScroller.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\StyledTextLabel\StyledTextLabel.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestCore\Promise.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\Number\toExponential.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\PrettyFormat-edcba0e9-2.4.1\PrettyFormat\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxCall\enumerate.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\temp\Text.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SharedFlags\SharedFlags\GetFFlagPhoneVerificationWebviewShouldBeFullscreen.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\Math\clz32.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingUserInfo\NetworkingUserInfo\networkRequests\createGetFollowingsCount.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxUserPermissions\RoduxUserPermissions\Types\ReducerTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\TestingAnalytics\validateEventList.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\ApolloLocalState.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\btn_redGlow.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Actions\FetchUserFriendsFailed.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RbxDesignFoundations\RbxDesignFoundations\tokens\Console\Dark\Component.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameIconRodux\GameIconRodux\Selectors\getGameIcon.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\User\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Http\Http\Requests\SendGameLinkNotification.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Localization\Localization\NumberLocalization.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\graphic\ic-checkbox-on.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestUtil-edcba0e9-3.2.1\JestUtil\createProcessObject.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\llama\llama\None.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation\RoactNavigation\routers\ChildIsScreenRouterSymbol.roblox.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\RoduxFriends\Selectors\getSortedByRankRecommendations.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\Symbol.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ArrowCursorDecalDrag.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingUserInfo\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UGCValidation\UGCValidation\validation\validateModeration.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\PlatformContent\pc\terrain\reflectionarray.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ViewSelector\background.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxUsers-90b0d7fc-941abdeb\RoduxUsers\Models\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Shared-9c8468d8-8a7220fd\Shared\ErrorHandling.roblox.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DiscoverabilityModal\DiscoverabilityModal\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactServices\Dev\ReactRoblox.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioToolbox\NoBackgroundIcon.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestGlobals-edcba0e9-2.4.1\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\PurchasePromptDeps\UrlBuilder.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoactProxy\lock.toml	RobloxPlayerLauncher.exe

Drops file in Windows directory 4 IoCs

Processes:

svchost.exesvchost.exetaskmgr.exe

description	ioc	process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exeGamePanel.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exebcastdvr.exeOculusSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	bcastdvr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bcastdvr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	OculusSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	OculusSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerLauncher.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 4 IoCs

Processes:

chrome.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247547415931863"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe

Modifies registry class 64 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRec Room Launcher.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\MRUListEx = 00000000ffffffff	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Rec Room Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Rec Room Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 50003100000000007f56e88610004c6f63616c003c0009000400efbe5456ab8c7f56e8862e000000b9520100000001000000000000000000000000000000fad0fe004c006f00630061006c00000014000000	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Rec Room Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Rec Room Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Rec Room Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Rec Room Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Rec Room Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Rec Room Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Rec Room Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Rec Room Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\MRUListEx = ffffffff	Rec Room Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 820074001c004346534616003100000000005456ab8c120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe5456ab8c5456ab8c2e000000a6520100000001000000000000000000000000000000ac46bf004100700070004400610074006100000042000000	Rec Room Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Rec Room Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	Rec Room Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Rec Room Launcher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	Rec Room Launcher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Rec Room Launcher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Rec Room Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Rec Room Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Rec Room Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	Rec Room Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Rec Room Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Rec Room Launcher.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeRobloxPlayerLauncher.exe

pid	process
2492	chrome.exe
2492	chrome.exe
348	chrome.exe
348	chrome.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe
4712	RobloxPlayerLauncher.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

RobloxPlayerBeta.exeRec Room Launcher.exe

pid process

4488 RobloxPlayerBeta.exe
388 Rec Room Launcher.exe
Suspicious behavior: LoadsDriver 18 IoCs

Processes:

pid

4
4
4
4
4
660
4
4
4
4
4
4
4
4
4
4
4
4

pid	process
4488	RobloxPlayerBeta.exe
388	Rec Room Launcher.exe

pid
4
4
4
4
4
660
4
4
4
4
4
4
4
4
4
4
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

Processes:

chrome.exe

pid	process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe
616	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

RobloxPlayerBeta.exeRec Room Launcher.exeOculusSetup.exe

pid process

4488 RobloxPlayerBeta.exe
4488 RobloxPlayerBeta.exe
388 Rec Room Launcher.exe
5480 OculusSetup.exe

pid	process
4488	RobloxPlayerBeta.exe
4488	RobloxPlayerBeta.exe
388	Rec Room Launcher.exe
5480	OculusSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2492 wrote to memory of 2552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 3552	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2068	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2068	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1648	2492	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://rec.net/download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd704a9758,0x7ffd704a9768,0x7ffd704a9778
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:2
2⤵
PID:3552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2000 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2668 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2652 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5100 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5272 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=864 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4348 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5568 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5432 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5128 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5652 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5560 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5900 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5892 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6180 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5648 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4740 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4728 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:3308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4696 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5724 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4928 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:2028

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4712

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x69c,0x6fc,0x700,0x6cc,0x718,0x10bb480,0x10bb490,0x10bb4a0
3⤵
- Executes dropped EXE
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4840 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4868

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:WILjA_l996Qs4cL11V-0IboFq0itMvqC82F-pDcUcdNm6wyfX1H05woH2SEOXIvrXTYVqNT8Gs5tA3jKQ_xaBi7L6axTZ3w9H_QNTcy-XZkgALMJbxjJZ_3UK_bnxLKOxkjCwI9jfiJ1TBGmilePH1YeKV505QYMGBuekTJBvCmkOLUI9fQThFH8PuRl635QZfVNNxF_87xQGJDrR3iq7Wm4jTaLspGVXOar9yEhvbk+launchtime:1680281580255+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167628242050%26placeId%3D4483381587%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Df0b1e8b7-b218-41d5-a3be-f511935209be%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167628242050+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:3880

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x654,0x658,0x65c,0x5e0,0x664,0xbdb480,0xbdb490,0xbdb4a0
3⤵
- Executes dropped EXE
PID:3244

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe" --app -t WILjA_l996Qs4cL11V-0IboFq0itMvqC82F-pDcUcdNm6wyfX1H05woH2SEOXIvrXTYVqNT8Gs5tA3jKQ_xaBi7L6axTZ3w9H_QNTcy-XZkgALMJbxjJZ_3UK_bnxLKOxkjCwI9jfiJ1TBGmilePH1YeKV505QYMGBuekTJBvCmkOLUI9fQThFH8PuRl635QZfVNNxF_87xQGJDrR3iq7Wm4jTaLspGVXOar9yEhvbk -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167628242050&placeId=4483381587&isPlayTogetherGame=false&joinAttemptId=f0b1e8b7-b218-41d5-a3be-f511935209be&joinAttemptOrigin=PlayButton -b 167628242050 --launchtime=1680281580255 --rloc en_us --gloc en_us
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1628 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5932 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:3168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4616 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:208

C:\Users\Admin\Downloads\RecRoomSetup.exe
"C:\Users\Admin\Downloads\RecRoomSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5372 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:3448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=964 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6032 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5980 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5428 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5596 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5600 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5940 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=2636 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=2972 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=1048 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:5936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4260 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6384 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5632 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6220 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6372 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:1
2⤵
PID:5724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2484 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6504 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:5792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:5164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6772 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4348 --field-trial-handle=1756,i,10089726923301145261,13749941512504319763,131072 /prefetch:8
2⤵
PID:896

C:\Users\Admin\Downloads\OculusSetup.exe
"C:\Users\Admin\Downloads\OculusSetup.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5480

C:\Users\Admin\AppData\Local\Temp\OculusSetup-683d5edd-1274-415c-bd7f-8be81bdbf17f\OculusSetup.exe
C:\Users\Admin\AppData\Local\Temp\\OculusSetup-683d5edd-1274-415c-bd7f-8be81bdbf17f\OculusSetup.exe --setupPath "C:\Users\Admin\Downloads\OculusSetup.exe"
3⤵
- Executes dropped EXE
- Checks processor information in registry
PID:4320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8
1⤵
PID:4088

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3568

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000501F8 /startuptips
1⤵
- Drops desktop.ini file(s)
- Checks SCSI registry key(s)
PID:2276

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Checks processor information in registry
PID:4156

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:388

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=gpu-process --field-trial-handle=1516,10321531385218749179,5032141342524686411,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1532 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4944

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,10321531385218749179,5032141342524686411,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1604 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4996

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=renderer --field-trial-handle=1516,10321531385218749179,5032141342524686411,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\recroom-launcher\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\recroom-launcher\resources\app.asar\window_preload_script.js" --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1136

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=gpu-process --field-trial-handle=1516,10321531385218749179,5032141342524686411,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=5312 /prefetch:2
2⤵
- Executes dropped EXE
PID:4300

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of SendNotifyMessage
PID:616

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:3736

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:4144

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:4152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4404

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:5532

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:6096

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
PID:4736

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5224

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:5260

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5976

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:5928

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:6064

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\AppSettings.xml
Filesize
149B

MD5
48f58abeaac832f838efd2beb25f4c90

SHA1
7878e28b62e5d9bc9042a3e44094e39668f03384

SHA256
893a58e7946728c9dd5caac10e5bdc306a465e406c1f979ded52a13dafebce2d

SHA512
c5e3025b63eead12a0f8192ea41afd1216dd87b14a07d22ebafc6d3d899a06e80da947b3fcd1b3f2cf53b89b3de9967f89c415394d66c277556373b620dc827e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
Filesize
58.0MB

MD5
cd199f81c3a2cbdbf8ede573d6c19013

SHA1
f0fb145f124ac1d299a34ca7efaf98eb946718e1

SHA256
87da9bc3377e4503712a5fa01f1b4560effd3908cf25257f9c639ea671b34a78

SHA512
f06dde6f9ea5bf11d876b117a33f46a8ae5a22ecdf8fc768af4d975b626661e89ca7a866585131b1c4289a2038e8bccd28dee13b570ab4c37e1eef7ee037b08d

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
5685a66bbb2ddaea68a2030995c73681

SHA1
44ac2693feee88df3a2089eba92f8d5e1531e698

SHA256
f64bf2743193aeddb079c194f77147f661d569f47b341a0601fafe780dcd6341

SHA512
3fe9983b5b61c4af2d7b4a93f90ae75ea4e0b113824ebb8edd100507a747d545495126f580ecc2b2079372d07065a8284e3d8a30c62ba098eb791ea6fd58e685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9096A354A7A3E42F3F619F51DB75C6B9
Filesize
891B

MD5
6c397da40e5559b23fd641b11250de43

SHA1
5f3b8cf2f810b37d78b4ceec1919c37334b9c774

SHA256
513b2cecb810d4cde5dd85391adfc6c2dd60d87bb736d2b521484aa47a0ebef6

SHA512
0f0369b90ef4930f59bd5c0091067200828bde84ea703c1029ec5603cf4bd1084f0e7e15f370dd5554a9e310d60bd01ba54492e2e6d6301e44609033ea9edbc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
21ed9ca0f4579a63723066fab3cdb1e9

SHA1
625f8780cba0177fa7d9b747df0bd45511ddc900

SHA256
818a6653f6011a83d251998208826644fe68d228a739c87ec14e470e10817889

SHA512
203e8fa995dfd86617536e1fc445fa1fdfbc0ec462d238cfbfe1d03c81b51c81297335c4c54503070c25897858fbedd659c348ab994f9195635ff75a0f3ecda4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
71288df6e69e139111a733ad7b94866a

SHA1
9f756b5bdddb2eae7e7bf2678440117026ea8b54

SHA256
7441007a5974bcfdee443d0c1fe1c40d7e7f454fc0712501eb7abda978877837

SHA512
efab7742dd31b5397da0bf2940e9bb8de89702c39b6f062194caa33b31346ee646a3b4c622e9bc42b4ea9ed94772098476a5e87ccdfd8af0be58a7a153ffc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
77fe74748744e11a14bf685a0a2b194d

SHA1
7816e90d918ac89b7083bf42a3500d1ad09f0d4c

SHA256
9f84079ef5d34015c1b0784f1cc67f0bf5e557b1a4a61e235454c929f622d556

SHA512
c0d5cf3ec8a9b473ab482ddcb2696a20618653abb1eaa466207bc5cdf455b4ac83f34253924abf20f61ea4236c08c65f3e8e11f591acf6865e3dba89bfb9ec04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
a1aff9fc8c39b9e78bcadf1b1f368b4c

SHA1
a811de11a9d684da0b643a30abdb4c6094158211

SHA256
d075ece419618cb999b267244242e12e342626a6979d5ef80502f742792f29b6

SHA512
eaffbdeb6061a8db929fb25b5467ff7d8a3378ced26a8659458a4bc141abf946238e2b6ee20a20e97f9a8b901efb23fbc902a17d4ca8b626d9f720cfa28d5a8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
f3dc2965cc02de690e7a12821c3b0923

SHA1
8d20d50246f9f52076b9155c2b29b32db132bf60

SHA256
7c2b3c0f3b5f221862374c7f53c0e4fee7fc814448c53d9d8e0d36db67f1be20

SHA512
e73b643a8300209a8f9ee5151e46d11fd4c6f0481f8b0e477c949c40558d2a727952fa5cf9d4b37c8ad4c9c75fdf4e52127b4791d3f5481dc53e53cfeedf0d93

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx
Filesize
176B

MD5
c8fe7ab8fec8bd5eb5f33002bd5726f0

SHA1
627897636fa8b16307e7babc4d77d40a1f6cad65

SHA256
8d109e65b1df960661c0ac3e96560541dc8d76b321e7289fb89c40113cd37f68

SHA512
3837384da7ac430d62c27beb5554d7715e4d21de459b3c32ac0c5b3c22d12be9f612582ffbcbc81f07cc75cd0a4ea5ce9719044c9a39da343f9eab17b2ce764e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7c790cc3-ec45-4743-93bc-d261a0d71418.tmp
Filesize
110KB

MD5
d11fd5738f649c5fec4b1c3ba1675102

SHA1
3294a06a937ec0032d675f5b1dbe3fe7e89825ab

SHA256
795131e0da948f368a5bb5c60d0cdacce87adf976f552ee45a9478a0cf30d62b

SHA512
a6e803ff9b86b24f0cbb4b52c4d11dbbbf10758e79d211c50974202c963cb15590b4026fb572839741cf11745e7dc144959aaad11fd16e245f1debb1ef9b45de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7e54243a-1ce9-4731-8a42-32b872f934b8.tmp
Filesize
6KB

MD5
ff2a21e6f53371831ea9a8d351c222ca

SHA1
364ce6337864c8762a022f697cdd230884cd7bd8

SHA256
0ab6d121087095ca89933d5138bdfcf5ef7e5d412ef0b0d1e55e653ce3c64057

SHA512
d7b9f73e51c4cf01eae1b67d3f8670c24cfe310b8a260d011c81a62b8263ad3cdc1b6e6bc2dc42b03554789dab60f2470f5e8f29856a52165bcaa3fbda7cd89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
87KB

MD5
8f3f79d0cf195bb45a90f3f6ce52c765

SHA1
0dbd651547da8916062b874fd671a005d4d4c876

SHA256
5df755e7d1f1fad81564342c72ea8226bf3ce12aa5892556f37cab01998ce045

SHA512
a5721e75631a6764974b26e1ee4efddd2adac7ed7cb62636620a3e6c7eff95f7af5884a4526cdf82036d763c9e5aa4cbc4b340d5cd520d45778ee2dcfabab1f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
53KB

MD5
0c967bc5c8772c127e230f61240b7471

SHA1
36cd8a00ac8fbfab549ff37bc945c4428b771862

SHA256
4ee5d445a56c9c18f517b03b96e2b64cb0376de8fca6bbefc30381f69102dceb

SHA512
4ec14d3c652acc1352f498537f502dfeeb85dc54ca4ea2e09eb6682d03009bae2f3a963b2455808a9c8689a276df931477ffa24618346c52596d9b489caff164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
Filesize
65KB

MD5
c437d81d49d797a61ef576c3696ecfc5

SHA1
9db89df69a8fbc96a9725f14cc01ba605df1a35b

SHA256
576fed1095715ae89fbbeb5f477b60751e88dd868ec4845b2d86a6201fed7a0b

SHA512
500b9c694c159e7522940c6e17f9cdb2ce875d9686ab752844a6e7a5cb3d9baa53fa37cf4933f68d2e4527bc554d0bdd4d508c9e36b0c0cb6546ed624b79a5a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045
Filesize
49KB

MD5
db8436504c8e9777396653af23d7ce18

SHA1
f63326819d67d70f8ed3965eb756f977acd269d4

SHA256
b3ded440b6313fcf857a1714d09a63963d5bc7dc23911cafeba82ffaf3f60aa8

SHA512
3b0dc5a8fef909fe1c9742cb02b41bdd2c068c046d1db61389cd142851cd6e01414d14b28b5ec2ada8090b3d3380fa590cab16424ea41ca6bfc04f721a5ae8f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050
Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000115
Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00011f
Filesize
51KB

MD5
5cf3198dcb31897121c0be5f19a4ebcc

SHA1
fe6ae266130ed938896b256c6c8460d0d35b5548

SHA256
74b3332920fd09fafc5da024eed3c8b45136236d8ea36dcb74b733600a8b02c8

SHA512
0971e22edf045844ad2ba12b728fe23defd625286495bd220452ffa05c5c2b6e2d36d5e25e3b162959d5bc2bdecb14ec97022a3e425749ea79efde4fdbb3f043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000120
Filesize
27KB

MD5
84b49c2abeaf0e77ed808730b2f514e6

SHA1
bc3901b22396da7fb1a8d9fd4af799bc776dba80

SHA256
7a38ded30b03406865dddf0de2f6ef8bf53649e024c03137b6b9bed53a093198

SHA512
3af1a0283095a17c1d1f773f569c761786c8258d8e268bcd21ed1aa5952a2ea8d2c8acbe829065ca4c386ede471c1446f5e549c17c421b79f3e959da861362dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000160
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b2f2b7f14b40b16_0
Filesize
243B

MD5
ae861c2acda9ec26cdaf996140d33ad9

SHA1
606407ea85bc0fb0ce4a6226909531539df4a531

SHA256
29d221144541d8f40c3a672a2f6cbdb7d0eb6da9a359cb05169eeea8ff4a368c

SHA512
6f72eeaf17ebbab6abb9b097bb920a421df44582f081856f6af534496bfd1cb8f6a1afa0c477af6e237a51dc827b63b59d43625911ff2e9a063a891fb2d3c2c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\623f912f707d3e75_0
Filesize
78KB

MD5
b4eff2a6bd92889f2007ebd47a91ee40

SHA1
29c489763a6fa8884618aee12c98f2d5b14805c2

SHA256
77e4d393a8fe50dec61d75812fcc8454affd79fb5f4ded462ced4f469c151e20

SHA512
1006c1a0f03de29deb0794bf420eb0718def3c3b171b4730e78955d8796fef7360e5a1d9faba7a60d285ef5be658e220d3e3a216ea37bd8c1267bf76255bd559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae5db94ced561ea4_0
Filesize
268KB

MD5
49efcd63ae58d9e497ff4d745c297c68

SHA1
c69d43d8ab571d35d91042c720ad7b2d42553909

SHA256
38ebbbedeb7bd7e7b351b309e879e7efc4e0fb6c6aac6eb41b037310884ab782

SHA512
451795af40e2404575ca6a79ce35269c59e1811db4c569e4b20b44178c5ac131adc70d4ad35f4560fece364b38b098afad4366b62728ec1fb1b77610eda9bb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d1a26fbf284eb729_0
Filesize
262B

MD5
1f91adb3687674121189df2a6a85ef98

SHA1
e020980c80c075b37c2f7a92301417de1d918a01

SHA256
b61cd5e82c0bff8c3105678b626be8827a108c44df5759a2e0a06d28a25201b0

SHA512
5bb3b23f37da967eddd9018e680f7969dd9b4348952d50a86b5e82a5a24a21ef94e08be208ae914e2cb696ea8c67e71f7eb22e46f9fcae29b475fe2849a3d0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
9KB

MD5
a76410f52a1aa32bed0b4bc04b1802c9

SHA1
4ab094b766765033c31979907c863725d4aeddff

SHA256
2209a81b3b145b9700a37366662ab1b93c54d57360e5b5af3536e47724d60dab

SHA512
5b6733d1cbccbb76287ec0f16f8fecc7f859b34e7405934d7336bbd3af76c7f351c131472dac51cba7a8179385a8836dc7d37368a23416c3123b2bd49dc2e0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
9KB

MD5
0b3a35ac32e1cd240bf6725983476937

SHA1
cf8571a5d5b9a499ecbf0e9b41e38bc91ec4b217

SHA256
9c8ed5006f94a3fa1c272b3a649de20b4a207efe2da70b525f6392e16dab2c85

SHA512
58e25b351112e41c762eae2f973abfadbb14935af54925729deae2100c8b1aa1a77d1910b84f9791082ac28e61ced2fd7eaecf0aa7d32903ec9c7500773a2c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
963577a3a4f71dff9568ba3d480101d4

SHA1
0b6bc658fbfd17518ec4865dad8c1d85b5736664

SHA256
ab2aa6cebfd1be7f07c2dd8d54ab3b5b9ba72c91a239e424c0baa078e05fe95f

SHA512
5bbab6868e1214d3511a03355a81b444223a23847a2389d3a3c6688af2a431ccbb3a41cdcb2f31d0b8b2e2ab34ed500213463d78f47f8bd8fc3937e56afa351f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
40a9e11d455d3e9ace560ee40093f77e

SHA1
197ae3794956d1ed7185b5fcac1e93c9aad2254e

SHA256
15db7f640180feb009a7e3f9f45d2e3eec7c7388b71025b32a720f4a6a58ca10

SHA512
84d9e36cf25440d0dea918de099c8381ccbabf11e01805cec93a677bb927c260eccc8face036650d62ad40d585f697ce2a82b29964a305b4c3ea2213b12efe47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
62b04f403961ce8611426bb6964b9e6b

SHA1
c4ce714cd5ad4e895493081d6e0a8c23a1bd32b6

SHA256
6791ce2ccc26652bd27ea93a3a8979b6c0b01ed07875fc134738597ee05e21cc

SHA512
98407df5aecbff51acb792517e70fa4cabd4af01ceea184fc1f9c5e7bc6eed5226e8b445e8bbd1d62c3b0a40a1ed44581f7e7568634a38761059d0de3c710364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
8f7a2e6e56e1a5379fe4666ba502dd98

SHA1
3a9a8e9172f12209ca7c7e83981a51411223d0a9

SHA256
ba20dcfafafa529f66658cd0ec0c226c33755d3e8c265c5e96d589436bc72f72

SHA512
1ad1eff143dc9a5e437a94a1ddaff2743295c5ca64e06cf727989c022239a9a9b362632cc28b4b09bb4a74ba55669732266b591ddd46d4f4bd12dfa2931b00dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
13f71fbaed658655e7a247b5d1334da0

SHA1
e4f9f64c8efc3855285101f175cff59a9ce00654

SHA256
d1bf9ac07b46584bb2ca3668758ac7c8c94222563a22e40746f8b4faaf835ff8

SHA512
ae5391a5b840cfeef542c0580cfdc55a605876b421a9992d368330e721506e556dbcaa78ce3a7aeb4226e8be1014564e244a55cf507f6631532bd68aefa05b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
9536e12512c8955c6b95a9bfeccb9a4a

SHA1
52a7b0143e49f017aba76166c64b7f395bd84c3d

SHA256
9bc857cd463a1ae45acc7a7172b0274555912c10d84d7ea2a52dc60191c9f83a

SHA512
670f071cc02038c47e2cc5234f29a58cecdc314c1d5bc160a82a73169d62335f4e2864ca9ad482d2e1cfc57814c7d48de40a359209c2fe2b2fa4ef4c9ba90ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
929e5c400f7e0781671d58ea78ff6394

SHA1
e6c2dff81381dedac84f4787d0bf773bf86cdc17

SHA256
824492638a9616f80012ebdf2e0244faf37c3b83569aea812d715ec739484a72

SHA512
d4c3b6c4bbab1dfe0d041968cb595fa262367c566a59f9cabde5b51e26d049194d391f681a487a969b221be7f5e574a1dcfe0f6fe8d4c9307070e67be6111c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize
390B

MD5
e199c00323731df588ca5917fdb46723

SHA1
ead74d75fa36edc471dbbaacf9e508f2714046c3

SHA256
1a8c2a0164e7cfb587c07203c07cd0bcf77fdd75aa348ba13a41da384dcbe38f

SHA512
057ad4eb2bb7da025fb4e467b8c9e129c65322c7e3a8ff27ccf918155c39f0425568788d240f843c0b1b386dab355e3ee9b0d89d2f1e1e98a146845d32cb52a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize
387B

MD5
76782e733262e6dfa2d125ca8a35d85e

SHA1
91185c53d4f12f9f26dad927abf72ad8eac30d4f

SHA256
35f0058e0370300aedc49b97e830e70773768ed584728226369bc51fdde4eb98

SHA512
44ca4632d7b1b59bb87b5bfe11dfb3a9019b42ff951ede1972ba1d422e36a0b45c1d0850db94bf9ab6e154060bfece44b523a59c37804e7b892707a402c0e693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize
387B

MD5
dcc3c86cc33171a9513bb0e2424fb82c

SHA1
d80d01b87b4d1be6f28cd9fa3d1b3de7ed5e6825

SHA256
203cc74437f213527156a36405f63aa266a2d2cdaaf5d9bd62cd2d21d0bc6baa

SHA512
f5350abc67c38ec1762c315a1f5275ab0224df93667a1594a319c3504f16893454b696d763836a384c465b73e8173abc4444c83f2b5e3cde7c0d68d0344f17fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize
387B

MD5
223fc3c42f6b2b2bb1d88c18b698ab36

SHA1
c36741745d22576f46ea11ee33e1126fb116a02c

SHA256
416e245eb096a48af3e59598e31be24951c9112add27498e3bf141e7df4765df

SHA512
0446dfde25e42ca6eeacb9fae003603edf654a3f09665a0e15d1c3e260ee9d5248684ad0aba86a33d1d65fee31bcf7fd80efe00e6e9b3584d7a84b5a9e950ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5baa08.TMP
Filesize
347B

MD5
9111d89297ef645e0f4fec5c4c25c6ce

SHA1
82b59066d48b0c9282ed1edecb0925aadb348ee1

SHA256
d2454535d486e2c6d2e8a77258084b0b1b4a3c199fd5533108dac71ba212bd40

SHA512
84b5c826e913e1400149ac9b27417f9f8535c1846d87f00378c088a2ad60bafdfa350dc8be5a26d5a83044b60948feb892d6a833ab5e1bc9a1352df98a4e4b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6141fc46-d9d2-435a-a778-cf8603599448.tmp
Filesize
7KB

MD5
1416bc06c093f5fc295ad45aa12ec402

SHA1
3f68fc0d2fa8ed5535f0fc86f4cb469d066907f2

SHA256
dcb289e20e8ee95277aa6dfcbaf648e1e70bac9b704e8fb5ab523dcdaec50572

SHA512
5f84d50518c000ad082559921401cf26efa498853ab02e60cf929be4a76fa0ef9a9cb5cf1e73cc945fb9ec72370eb23f8bc251477f27e4968fd820cbaae748cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
a84719c6afc660f1ba17e32f69071086

SHA1
43a930fca731be603e4dcf7482370333f64ad100

SHA256
7da128a6d59af7a1e7ece600069da570f32d257e0c0bb49337ec093808c86a19

SHA512
d53c96bdd58636a6b22af043e6fe03ba54be037aacf102201f966ea7418585ae25d702092b323252a6210ce3bb07019c1f878c3fcaee5af52b9f25c4b3d790fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
c36dffe740e7e30280f529bee36044f1

SHA1
cef095ee8bd78a048a8110e7fc50e11c08c028a1

SHA256
33b5be5fea0054996a417a7e5c009ae9bebf59a3ddbde42eae7223cebf2be591

SHA512
acbf6d53e98d9e54dbdc265ba2169c9ac910fc8b5275e7e80cc4f5791188e1b77c7ce0b540d47e79e09fcd5641e685a0a711e8a9312ab3611cdc702f09c2958f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
2f6f9b63a919b4b0c3e9aeb95032391a

SHA1
bf37642ad842cebd20ed453ab335923d70c1556a

SHA256
cebd4b2d1750fe558dc6250e87d2d094d7c1159707f6120c22389f0815581211

SHA512
047879fffdf9e7db7a0e1def07bb84cf139df8f8186fd92a0ea7d0722f965e69ef803771fd12ae6aad9c6dfb4e67d1b8f8c9b2f8f8e0634c5b425b3997801849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
e903dfd1f9f48a1bee9c3a50d3b77efb

SHA1
d1b1788bcc501da2eb56d40c185b805927b7c662

SHA256
ad2bfc57ac1378ceb08d1fd4f56cb1e8110c0f84ea6043c4b2d1c3080b09748f

SHA512
5a1e04d99f3e985c1ebde80a03d40197a24813a249fd44e343231a9e7af1fb771bfad032072e3e18888441d470cdea5e551467ba8f3f83f6a1a18508dc2a1d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
b095392c3fdf8498fc6c8f443edf5303

SHA1
d2ea673653d8d135cac050c118ff96fcab63d9cb

SHA256
66f8f640edc1e426af71c6d3e3ae8bde4aa848da4f4cec894cc9b71204f602e4

SHA512
7091d487da03ecb6892cf328e6bde5e1e4a2264b0aaeea649c18a403a5b67808a902b8242abdccc2b3d798985a6e3f5f8f63ac75f9ed5910e09c6c9c1909878a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
54614a3b7570107dac4b56cc3ba0129b

SHA1
3ff411352aa5df6560a383ad81679b160ac53c37

SHA256
7740353f225b68cd18c73f49cacb9b055e8e68f48a15cba13c2d11e0d43b9e15

SHA512
c7678d6e571ce0960d93433167f4a471efa80979715ecb88d96aac803923abe43b57585b828242dfaffe9874021fa8a8406ad24b03f2b54aa6a2a64059678d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
ec55d8b600cc2c3039ade047d0c4d605

SHA1
2679a2b895b2a7467fe6f9d0095db617741b1276

SHA256
ed1ad8808efa2ba7ae44b0c0dc066beb16ef23c7fb74eb89d63bacd723f4d944

SHA512
b168279e816e503e42e2b8aa4abd393bf563327204bf8b0207737312630e436ffaff468b43f5d0c4072eec3ada7e491acf5f4aac1dc7da7ad1b14053c8283938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
f152d4c74c2b4e49459cb6f2b280f4e9

SHA1
c3c57cc52450e95088064e90e7815f7ad61fbb22

SHA256
a4196be2557a3be9ff7a7e9a9e265c6955d6e48e30989916883e0786e3e54204

SHA512
d8f948e72fd169503aba97a80edfabd1e69d94f0dff338ad9b08e1d7e3dce587f3982cea150305cbc39b059ae5b2a383ce0fe010d02bf7b907fa12ea989c61f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
eee340dce03e149cd421d380ec0b579a

SHA1
c44290cfde1048cdfb98ad34650a019aee1066d7

SHA256
887cff19909326190f7f1276ffaf3c73bb82de7dc49311855fcf15bafd119cc5

SHA512
97e16b44065b217031df254401cce435eb10327a2bf5eb36130e9d8f54839ad4ba5409864f6c886e2d66ed206c4acc25d5e2553776a4f999c007c6c2cac916c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
5fdbc72b273b48693dd97e9799cfc2c6

SHA1
dd52810ed1e8edd5237e4246d9214e4059651bef

SHA256
8831e72a6828b53515934f78d67a146085087c60af08a762b61812154cb70c20

SHA512
eac346f208642bfd6e3d149db1142069777f80dc3fad8ed5802060d705ca64375db90efa5948535c59ec5471d2bbafbc63441609dc599f020f44a19194c9e5b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
eddc0ed32f464c32730d51e6d894b8de

SHA1
c25e01f7bc32aea50a8757bc25a8b63c79975c7e

SHA256
722aa6acdfb01c703ffccf5ab9d502f0afd67d80d6122204e8a71e0054b44af8

SHA512
a66ecdc795a75469eee61d7a60dbffecdc2c0745d7fd1afda812fb9dd08aa77496a202fd69dd77055f19a27fcf36b40f4c76c47e364732e1b219d37e7631a62a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
0f5275527d73a3bffc45531a2a4e1a9c

SHA1
aac917099838b04e27784e699de660734cb4c0de

SHA256
c52ee74b1b63ac274b5be7041942915bb0caeeda2c410c723903dcb22426d8f5

SHA512
f648967c8c882a10ca906ef05acfa86537ee8521b1133e2754e2f7fc8282a49f335fa93c34ac9af8028c0df1b9f1c7311f7b3482d5afd1b50dda5b392e88a9bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
6c08488f10691c332ef1457b8acf1976

SHA1
037b18c0b7e3063031e229eda15416e0f6f29405

SHA256
e3168ef936315c11a2f3d64ac95b798af3c1dc9041395609d3cf693b39ec6fad

SHA512
2f6f9cdcda17677700b3910938e93830e02445841c56707f34026bc7d26c67f5ee4e6a2263146e65c71febcb252a94b1b7c933916193d9247aa464a7e4c46349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
4e280d534f4eb924a0b3424871011426

SHA1
2ccd96e0619eabbd586c91225e8f7023751b9840

SHA256
ef6ac988513c8e014c3136dd99d963c177c36155f09f9d5567a6426187b72048

SHA512
405a3c1d800071a614f13a58502272b551aee1ead0e274931e7455f77bdd11cf71645725fc8d1193a31403c6d5cc92953740a2315a3e6eca0b4853b48b7254d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
de0a6857c5f264299edc434bdd8d3be3

SHA1
d2e7994fed39274a953ef9eec6075a37de9b8a31

SHA256
8468a35e13d41073e46b005f3a8289443a8af9162a8945bcfec2ea47909ad805

SHA512
476625ecf6c90ce7bf9cbb419aab846e3c9bdba4a2391e773a30a507eea42b2fc50f1d97f6a9b553284faee9a9ce8cf8a2388180c58af687c7d115aa123c25c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
2c444044ae1f8c38474c053eaff20810

SHA1
30c02bd99223dc0442ba78862beb77bbb7339b93

SHA256
c0b37d4e517ab16c8428bd195a66963eb8d0bf9084f40b7cf346a482a239b4c7

SHA512
d1bb684bc1a1a742ea1ccda8232dcf067fc1c0fe61f658340a8164c4aee5edbecbf47f0cb8ee251ce02830e1ccab410180f3512ad8a841a59dbbc030cb08c349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
b19aafdb37f50e09874fddcbc7c5b45b

SHA1
17ab700473d46297dab3bb63e265dca4872f1e4c

SHA256
44b762390f1230a4b2c55bc68bf6dfc6cdde7955b8dcf33a7387c540c0b9b63b

SHA512
360070bf093bc6b7f7d50e8bc11099def1b536357fd7dbb2e06f04f92f25033f18cba95fe1145b40b4ffc2f814a7ed1c44489534a75dae360ea2469dd0e93e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
8fbc8ccf748d34214e78a8a6df886611

SHA1
80eba26bf1204ab5a1a46e77a29b203e721b8556

SHA256
e4361bc6ae752eb0a3b7582004be0b5ffe39b6f0f8846e119ed461c3c184ec3f

SHA512
f76d302528d136e20c0125275e78e0d39492eeecb19f110efae4c1418c22f23de74cdd2e05fc516880a3c5e37448736c898dc0a984171e587098717544b87579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
c52664f03c67ea763b7e316df4939248

SHA1
78528c05a3cae784f627fbaaf71a1a69f602f179

SHA256
b0a1317168ba9c381bfaccb766d9e890b76e8248b3592bb67fc29213952b16a7

SHA512
9d2658b11c28830744551e62bb6e3e9c9782488f0496e0880fa76dd595d8b2e72a82312a6872b304774aa8cddc6401dca5b7e21a0bc1ad3a1c8122c44276c508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
74a12acbc0d519abdd3c4244c468663c

SHA1
d15649b38c1a0f84ce54fa3fb0243b112bcfdaf6

SHA256
07ec1682430f83689e907123aaf698f9094cf59cf122a8387dc486c16576c008

SHA512
07ddfe2ff1ed2f328f101ee86e2d701c2434863abc8c479cfa5ad5f41333637dde744e1d232ea0937d7569d6e5f400858ec24ee573cf93ea308093f9fb4f3f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
89f1b8957b20adee046b288fa31c01a7

SHA1
485c219efd9145bc3275a66cdd3988398df318fd

SHA256
74f47f4af5af814e97a1d03ee43076cb13f5a64dedb6f1ce82a5a6ca362909b9

SHA512
f1d209e3d9b3e46f65d4d940a9344a627253c883df298ceaf57ae0b5a73edb75791c6a04bbb7e80c77474dfa2667b161084e2ef37d9feca019917e59557933c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3bcf90608072a79b036cf5e8a3a8d8b2

SHA1
62508428999645badc5f459b70714cc71c0bb165

SHA256
d21cd10425533747c1cc96a492c1ae3622eb8dbaf81748d3aa9652dd6248b6d5

SHA512
740b5c4ba867e13b3a8aaa64dde415c84aa38c11b8d394f5e0fb5cde518c1a6f24be63701fab62342b42f67950d798f2037664dbf3bc72bbe6d250a84623e304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
e8e6464da3517efe877b1f03c5e4da43

SHA1
a7e0c6e10db2a50e31b8a193cde97c7bc65c3ea4

SHA256
6ce2c1a92167c053473016784376342d6826e8c3baf7b25918eebeeef7752e0d

SHA512
e6089f25858e55e3d320e4ea7ceacf5ec6a3b32c58b5933e839590b3cdd80701f9cfc6f21fa52487e98ee212c82e3f8d2104911168978ddd8ccddb698c5beecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
2f0142848da8d32f8e02bc9aa89ee1c1

SHA1
55334710f19ab79cce121638ca7b0dfd97c5d9c4

SHA256
88b0fac770eb585337d7c14d75e18b079811f2ad7d706a769520ab7d64eaae4b

SHA512
c41bdd838647cb9a511b3428bc3a5fd93d7e80dc4ff5fc344c783453f6f607dd7c98c44f7659d600365fc1ce57b18572b174a2a27f4974781fb6d8878eec148b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
5170677f57cbe3c4f6a0dd00d7245309

SHA1
72ae2a1c452e2f7400aa195d1278e15a635315a6

SHA256
eaf5c00621dbef277e2dbd32aeb2d3c062574eef10430158afdb1ae23e0ee4ce

SHA512
0f4bec239b590bb6aca0738b3fe27d63ab289245ffb6058e93afdaa7e5bf4ff29042e359560318f1f274e99a6219199403a87296fd9be62281889326a233723a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
03e2ac6d37a65ed4df06033497969793

SHA1
93f6a0ac08aa51ca19b3d1932bf3822a4482b624

SHA256
a15c2ebe180d092a97796e550e82df755eb1d5aba58fcbc49004804d608f9d81

SHA512
662762677634d7730d3f60c64e297a2b0d2be0f7bf192b6686ae8b27d76c0cb30b068ac8d837cbbdaa5c56f23886093849967449faeab6c91693726f04274b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
74fccd9b1e5f9be532ecfbe666659413

SHA1
06a15fd736f054134127339dec6f10eef27b177e

SHA256
a7181950b0c5d44438d92a7546c428f65a014c164e3bbc194d926772b79fecbf

SHA512
e13f1d31797719b24aaa1c654d89082d8e77458067897a7d4101301c453fbfb90409de1b1ee42ec072eecbc416a8303e8c1ec61b67c242fc7020c45633ef4511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
38b7050cf106d6ef73a178fbc2a7c072

SHA1
9f08a0d413caccc5713366c0a31f367be12d1d9b

SHA256
860e32b7871082b38ec51c80d09315836b4cfaf4235b3cf7c56d6e9bfd845165

SHA512
e5bc464bae14d6b5f6d81e12f5b5a911981f6f88a3419cd6befe226ee8bb7ba3cf4219f3dc56dc358a595992146e7981285081b4be618aa9c2d91a6c844d32aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
f4f6076d89b80388eb1bf83e39cb3cd9

SHA1
6741e77523e39a981fa9c6ab4aedfa4863fe780d

SHA256
7c2815e67816ec29e9263f8facd8c4d58469dd35fc5f88b7853fc5f56259938d

SHA512
27f3e1b53868d6f2afde4b5f93e83d1820d5bb56b31e19fd41e72f30325f6cbeb2c13d4fb4f45856055a8773db02060b0e7d39d85f4f7e4e3373f51695a93139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
e66ddd2aabf504f4b2dbb5f2a9985fe9

SHA1
ce5e9f2b32f38dad445092e25483da12309ca229

SHA256
e4e9d30f2542caf04cc50a23a731d125fe77046bf5f8ac8cba185dd452fe1ebf

SHA512
e7da37feec3308f743e561a220d9819f877a1d136671f1be231bac37d9683cd82d5577c75430776689d2e3eae2b831a31397a98605e2dd9ea97a639afbe53226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
df544ae9d3136106617a20ad08dcf755

SHA1
de4bb590775d48d8ab0889b9f434aa7dfd4401a7

SHA256
c74ae5202860b3000a3683a88b9aa0c4789ae16f8e964be9a379712a5176774f

SHA512
81907152d859d1a58d4364ead73ffb1118a4e21eb898747dabd1edd2429a98b509310b1cf1ea5ebcb58071d8cec07d5c72029316013d985cfc500901342dc11b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
07be5186db9a0e387ec8d4f7b8461fc5

SHA1
7f27787783f407759292cc4a94c759e9a0d8dbfe

SHA256
10edb57f2fb8df7234c5ece55325f8b9cc8b47a371d0a467588834fb565a4313

SHA512
3092cf6459644731e60a5ae2bc2a49f1d52b7b22091bd761ff5bfb09705ae245934c4aaab1da4b2b15be662f544ddd1ad3b573f7f6fc608f312f357e37a06e49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
888f1f5fb76f63f8514c9be3da84ed8b

SHA1
0388d122235f77f46b755f37bffcb45a94e2ad91

SHA256
fbdfc13165c7aaeb56eaeda090c3871cdd9f0766ec6d203419e40e00c4762417

SHA512
87e640e1d406ea84a2c6dcbde7327aa066b1b2aa5df5c75f9ac265d162acd805b67a8d9713757b497975d96d5f478c35670bd9734955cd95439f2253bc740dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
3ad7ffdbc5d361e3050535448a8a3845

SHA1
e91941b772b52f80ea62fe7efc923da2a73efe17

SHA256
25ac31994b6cff93e9e970a53b2f938d25fbf66d9a2975a2705deb4c41847041

SHA512
dcc736895e6708b68392b357f27fd1e498cc4269def265910bbb4ee139b47348ccf42d71bca35669ffb251bd19a898007172f13782d177e4874512f25e4d91c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
038ccb5732c97ebe43af377becbfafa3

SHA1
5e5f9a3b159a6265b79f26127086fbc84ae4a5ab

SHA256
b25948072dd148704e23a16b951d11922cc01540aa2c5039303e0fa9c1e39aec

SHA512
8418a5f1875546cc08572a4257f91f00d6e5dccb12d4b3dad97efc805f5e5cd4d5ef4adb8f9f4ad36853fa3b0813e0c7950d8989ab6da0d8fd7a368aaefd6f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0e032e5d5abbfe1e5cfe3bd7b8ddabc3

SHA1
7680937352b6026ce5a3eaf879cee17e588ea585

SHA256
f93e478b13f6176ae57decc2defb42cb6de22249fda43b6c28c9c3f9e2516e38

SHA512
347910fb8359a58f983017b63c12fc3e4c19b06faac683fa882056b363d6d1d2cae22ed8ed3fc15d20cd622dae43ab8e1df83ea295093868792b483325cd64bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
24d91f8652f1fe08dae84b83d41227d2

SHA1
1a1dd92f5f46352ad9eccafdb8c3b004e5f4b54b

SHA256
9406b81f4bd785e54d94c8407b30de232b99ed8180e205a8c1359cf2c876fb9b

SHA512
19b109d6d45026a278f84bacf1ee4896dd16ac53fbef23dc4f895ce31220f2255756c8a2c4570b23ec22781a2d2f535496531659ae9e9954c1d61e9eee2c681e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
6da13294abc5e336727b2fe5af1e6b87

SHA1
311b8c67a4e2867eb3562a29fdf4d81826f0ac0b

SHA256
aa7d86da58878c35ca04d7f30053a7523d7fe35855a6e6134591a777ed83fff1

SHA512
f9ff95ee60d60ff278e2406ae2a5012aaf25d1baca1410b13a75c3b2a8c6431ce201c90b8267c5df5d718ed60565e8f699087e0938b40dae8ea65ab5dafb534b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b2dc1500395441df013d793b0e789673

SHA1
c05e6ac9caaff39f0e0177c4d4c63737f5458e50

SHA256
01b5bf4fa07a1fe798a461af148489f145f89e93bd0368f96f41866cc12b78ef

SHA512
dfb0a303fbe91a8391b8f6c8ba8347aeebfe10a14b4c5d2b8b6857dff5ad347c60312ddbf47f6642277e3bebf7475ddbd6f52de3f8c4a9c6a3f6e09ee8c67fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
724d8f12dab4c72a110734c6aa612d89

SHA1
d642c08c1ddb0af2780bb026e0cbd70bfd79da47

SHA256
181047a935cdc5f5e06d4a7f5619b59ca44161bf211ce9ef7e8ec59e4c38a9e7

SHA512
4ef2464691ddc7fcb6f9d87e1327676595eadde09ef672e107c7bfeaa35cb93579bd178006662362e732bef847bdc8f6879098198838ee0920359c4c2dc0f9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
97fee724d395a8918ea8a6b20c4f375a

SHA1
ec3fb414a867b4ebda5641b8df30be09ac8f5f22

SHA256
b6870cca908e952c773ac1c5e1909e3ddb64993406c8e759c20802d353e2a2c6

SHA512
9f06b15d361cefc7f4b59548e4086bdcc6d40c1c89e28451847a8a0228909a4dc7a37ab943d69f103066e52c541a1c14f7c0be6fff775af784b1a176f898a976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
86148187840e81d12e30ca2e7f076432

SHA1
31fc0d89d4bff999c182250b52fa9b26afd73943

SHA256
a548774787d81e690b6cc8874bf9df2367de21376fd06a2eac8e25d68a20cf74

SHA512
d6865930203300310fc0cc93cced8231692ce7125dc17b3afddf32fa7f9b50333acd2b8dc8554f9ec4089f8b93be42b5c58697ebde1215546ef124c0c7761252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
7285cbe91f381b9c3f1adc5a81600563

SHA1
ce15cca5d84e7decf6bdc70c2f9ecd4f5495bf40

SHA256
481423acfab1ed750fda77b3e421e44ad021a5d72bf1894fc5ab4626d57665b5

SHA512
9fab85c54caa777987ce1036b0c7e981a60f261a772c28437ddf06496702bae4fe232a07c8ee582eeda2b38fd0cea0a10670c4f69f85c4065507de05360697a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
ae7d94f864dcca9f585a4d0817874a4f

SHA1
88887f45f1e96202dd4338ec8963304ba99acb77

SHA256
b9d879647eca136641f8b98814d303a88d20ccf42a36d0c7fcdcd7f0caaac0d5

SHA512
6b5bfb1293e67205271494f204aff5c910726239a24123aae43f78a791c1992554be3cbb8d66fd1db85a512413a23153a6c320529738d35b4d8046bfd0f3a5e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
1a7249432e5f21a8e884b589b6921da6

SHA1
58860cb319aa4757d10cc98747489fdc63fee2ce

SHA256
4916604d5a16678e1bf00dc61fa99da9e68d527ea867e99d8c9c24ebdec9a1cb

SHA512
6888546817281ab3fcdcacc36712ccdc2ba0c27524919c5a5717e6a6f7d3cad11b12a6b982c1e6e7379526f956fb59fd25a761120240d34bbaa081f68931e8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
3cbb6369fbd7851b2ee20b1e0beca135

SHA1
91174709b50a1456e1c7911cbc440e677928708f

SHA256
5159c35f65f50b25956f16cb5ee977e898b0b94e062749638ec14648e799542c

SHA512
5c4c4d2b1374210bfcb84e75f08353e35aeef99f634da82fa3035e70d683448de55333d584160d5692bb8258ffa7eb269e19346f8d04a7887fb2d11c1357faeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e6afc6d4-ed90-47ba-b30d-5a00003fdbce.tmp
Filesize
5KB

MD5
795bad0423355acd4d88f8f4498ec086

SHA1
7377522c7cfc6d914dfe8c800f7eeff3a5b0bf2e

SHA256
f439bf03de49951f7331278bf6e4c4d4a4e3bcd5789efa8b0a0d525d6e9d438e

SHA512
a008633504249d734382d2432145b38ffb09c414ab3778ec212a195b4dde2abc68cf79b19d35eba71bb5d9b2e7c6e97f6f9ba46341da7a218631000aeba918aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8449b671896b1c51ede58994baac4be2

SHA1
40162ff40c5d515d96d22686bb627cb14fc0e6fb

SHA256
12c6f33267a1544ab6bf687798b8b6fb3faf8c75b6fd2334889158b9a4299baf

SHA512
25aa0711ead050b5eefebbdfb78d918cbbf8104f5fe4c8d9d29dc690e970507e44e087d2361456a45fc48467fa5c0dc611004d81863f24f4be76da78467131bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
0b8ff07352165b1aecd02cd3779ecd4e

SHA1
7d8cceeaae1560bb5613627de40cb5ad1537773d

SHA256
70c953170bb4438e21d41b4c8741e8a0dd1880311383c50f44a67469600a2072

SHA512
159b3948f22a0b73942bbfd1cc26545837fc6d61cace0c3890466f84af6bf5a8d422de17e8f2625f223fce14245a92c1abc769ff21fc2fbbeb6d190bd7e3df2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e274446cc82ed76d5ae188f0992b49c7

SHA1
409db01b763d52fe8171d7694ef6391941c806a7

SHA256
4d6e65ecee79899d8fac45a044ed0b90c8c501d14644218fa80919c311a9318d

SHA512
ed0a678b73e9e14706c390a726b7b93926429ed844877ce0bd90383d4594e80921c050968a4599ee42801af80cdeac68ae4fb28acf5f0305491f2f8f2f4db855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
293f3af591f301973436d859465c84ed

SHA1
536a40787a00e4427d1c1bb3c2b93411aea5af2f

SHA256
5600d4ef308885adad1a9d953f1c298d7c5b8b92cbfff8e4c204d7197ca98ca1

SHA512
8cc43e44037972eb951c524280568d3ae5970e9d0afaa4d651cafb8c0060159d5779ed638b992f0af318edbb790ad49a4ddce49ff406ba5698e9e41031661d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
35e11f0b170d7c3da06106b6a623d16e

SHA1
2abd5e7a3678f3c2ecb43a0d99ff4f5e29fcfa9d

SHA256
9009d741800d6533d3a08aa680b956ca4a091de4e930843c19359da1e23a6384

SHA512
6884cd00ed2c53bb1dfda67f19169b8ca8bdce725a526e45c74dbbb9c3cfce8185ad6d9291f55103391d55d6f356b22319c4b87049e2e089eec99471fefa2b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e8c5f84c1c5367a00331667a10082af3

SHA1
a8876e5a84cb204f286e71d2c8e6ac6014664d37

SHA256
1e676964f5f5c554259c78d7f25d67b99f4542dbf71c417f3a189467743a8c27

SHA512
c7cd9c496bde3241b3bbf5c8bdfb588bc448323ff11d0f92a4ed580c682f2e9558cfac0cd2b456fcaa3b5bbb13a71b7b170b6b993cce79c0e94a978cc7db577b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ce9b7b175dd58d3ff8633bc4b0b6acaf

SHA1
bbe6adc4fb237fa412d8498c9042b2086c0e654b

SHA256
a9522ab56a60267aa172a2cff9a7264e6836dc97f713a328880fb6ae06f83f74

SHA512
2d9ccebdce25ea85238b6a2d0b274de5656a6764a78d543e3970f177077327201c07085008e8a8b8c6e3e39e7603b785e0282f7250013ae4304d1a53acb2f8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
9ef97dc244fb7113c099a085532ec78e

SHA1
cc68cdcd7b08b24abd32587b0cb3282f518086f9

SHA256
18fbfa0a2d961e70ff9b0a354c04f7c56254fff8c500d66e68f9658b0a30961d

SHA512
4d74e7ab53556242f8548aefe982dc7e6d2be047cf1f355d5fdbc9c55e47fc665fc87a1b6b3f67453b83f9836e2dc1e0db22feac30e8b60964ad163f7c9a2a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
3ceba3a0a28b059caf55f2eb30e21875

SHA1
1927c0a24308d26ff7837861906c26ff94e7b2de

SHA256
5a74f2390b7f08874b303584e91985aac791db626f2b233c6cc7ff0e145359fc

SHA512
985d9a275afceeb35b1b7d3beaf458657c8930079d6c2b67a0d0404baca68b4248cf8c4afa4ebd87463d98d7a9cbbf271376bd4f5d3b622beeba9c720cf5eb67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
92249f322652534ae661e1e0f36a3816

SHA1
63e5f62a006b78ddd901153aee81437416a0e325

SHA256
945193ebe26b9c101b452dfb7f9a4f4a815a33eadb48cfb7db30b41a0e8f6a6d

SHA512
0926611c8641f740c41dbda9cbc1921d915be3910bc58fc5afd8d2752ef67985a2b88ca46265371bd788d048ec1f8557ce0c30de1235d572d82c966b64d26367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bbb4d5e7466088c2aee1005868def105

SHA1
eebf1de104930a9612821e7f6bb4b37613bd3048

SHA256
10fa08be93f3c92f9c8203aaf522edc0b7253490176b43af5563884822fc219f

SHA512
ee6d281fadda9f76e114591ba96dca59af5aaaf01e460b79e137e17f2e8ca1f6527e83aa665f8cd40be596718259093cf508042654e305e4f1ef9a4fc93386f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
08f3693bdfb4024d837ff59fff431096

SHA1
e3d92d403a0a4feb669ef3cc9ddca1a4bb54c220

SHA256
2b191aeca64aaae09be40fa3598bf72cae53340927123ed51ab4d88d9bddcc2b

SHA512
d65665554c47114ad92050b15da42d8e907b5bde5ce38f32fc90ae58cc0e7a6b8f07fd9686f31d6e6216d987aea681d821ce5da909f8852ae186581d5f7e0de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9ef26f42e2441c44550145471970bc0b

SHA1
e24329b45ed2f821c7fde8d916d27aef34415040

SHA256
7d820c46d608aef2468af9b299c0f96bf3a82a4416ef1b3e035ac5040ac21cf1

SHA512
caa827ba5d5ad034d1eae74b2ceb8fb9f6f59f58080b2b6dd48629e122351d83e3b27afe896b56298ea85b9ed47bf372f3ac520e62126389d911629d2eb5a711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
83193350c0c74c413aaa1d3a6591dd02

SHA1
bba43684b0af5337bdcea824dca5b44a8f4f9db8

SHA256
e99fe3b3064b72420f2b6c15512ae5c266728727088fffba67d97cd6984d8a83

SHA512
f251a257378371367d6bdc16da17c56178ba0b7969139c75e07863ebf9485bcee6835bcd0ce63b346a4406c83e503981f7e84f433a53667d7c243748e634400c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6ae9c0237f6ce0ea92d23911d1967c1e

SHA1
1a42b1b9b1fef88a78fa93a349920ef046020a25

SHA256
cb0cfe7bb74b5c41f2aa9c2360895f037133c8f53b6526d792ee878761c41e7b

SHA512
c07604d4156b0c7c8cb8410b93403bf0beb2f1ee7e432e8e2d884467a717ec006ddb51e804b84bc88ec8b9bb6fe06b94e1a3a00e6cdd35f916daf3cba1f90068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4423378c974a08c6742bf52bdd71adbc

SHA1
24ebba222b5fa04cef33cc68ebdf1a4d60df2189

SHA256
b05bb552d5b84b81197e76986b2a68442f58bf92d9fc2c458df3edd472549543

SHA512
21547b0bdbd4f233c34fda679ddfa20292d5403009b4da9bb7fead18fbfea82a346442ccbd2e330c1118788f6d81efe8b5c8c42e087238e1bc9bafb6fd1a86e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4423378c974a08c6742bf52bdd71adbc

SHA1
24ebba222b5fa04cef33cc68ebdf1a4d60df2189

SHA256
b05bb552d5b84b81197e76986b2a68442f58bf92d9fc2c458df3edd472549543

SHA512
21547b0bdbd4f233c34fda679ddfa20292d5403009b4da9bb7fead18fbfea82a346442ccbd2e330c1118788f6d81efe8b5c8c42e087238e1bc9bafb6fd1a86e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
610b3c3347786f7f30df658002deb3be

SHA1
c50b9cb8780a8e82963cd9e42bf5b410633a1be6

SHA256
bb9b8dc64038f00de5432bf909e2d663363af9a23eeab3fc4d5b66692753bed3

SHA512
51a38eaf6443d8a61a3e14f503a4c0c2ecb8fd446cbc0d4b4fbaa428ee4e95a55b455619b61d7149be42295c0fc7a9330954596180588bc61147be5ecd168092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe777330.TMP
Filesize
120B

MD5
d6ec98b4eb1875f8c20a5f6da1e5f599

SHA1
1f4779fa55f2cd40a330271c2736823d33d1b421

SHA256
c60ca9e89ab9cf1030fa702fb89cda3f9f8d34ccb67f2c2a0b5d1bd520ccd4a1

SHA512
46b016d56df17b90c2785c09e2f462b4adc0a7c0e2b9ad6e1ad2cf3d941e614ddea08781d4e651487b5ef85e9918a37f09fac4f8bb402059b4b2757b615a0881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\5b9fd4ff-82ab-4279-96e1-977afa931260\index-dir\the-real-index
Filesize
2KB

MD5
a380d73d1d6b6e613a6a5ff224dadada

SHA1
0d0a284174ff82956dd010871f425fa481b8f512

SHA256
790986c165e98bd752d3cc8ffe9cff85fc7afc38e4396cd2bb396289d06297b5

SHA512
52c398e6183fbf2aac52d7e4ad93f55b820320c3a0d2b8b047292bc199136c09d533724233914a97f2e5826c1f77e666ca6f398e9bda103a2a159ba2fe166d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\5b9fd4ff-82ab-4279-96e1-977afa931260\index-dir\the-real-index
Filesize
840B

MD5
b65d31e2f4d5af578f9d9cf51251ac82

SHA1
571cb02b466bf72417af680e9145caf3c9314ed9

SHA256
4efe83889cc87188634dd67745c791b761f537035a6758b60af4138920bdb565

SHA512
a24d8b8e0fd571382a771a5611c5affca49594289c4f3ca060614650ede4754bd587d18cbdd92848e2ec78a91b48342c5a825522369cfc146e39e805f6e00bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\5b9fd4ff-82ab-4279-96e1-977afa931260\index-dir\the-real-index
Filesize
2KB

MD5
b9dfb2ae37a05a73267eb113a65c556d

SHA1
c5b88ecbc7ba034b8a3affe079f7cfc07bbd3fe1

SHA256
da565b72b2a7774f7e37eff1055d05bc7a03fef130148438224c3b73588ce288

SHA512
e6f6b80f6a377a744a178f380809398a889b968b5539918dc17bc1494ec1a50b065dcdab4753ded9b13f8856aa1c477876451955b04b365e0acf5faff08acefa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\5b9fd4ff-82ab-4279-96e1-977afa931260\index-dir\the-real-index
Filesize
2KB

MD5
1c354875a674e3cdf54b6da541e074c7

SHA1
a2cc65e83925fda78f75862e848f6f0c4c317afb

SHA256
ca6804d032dc11bb008f9bf2eaf3f52a786f6198076d9df5a9d11c7a1adb3e2f

SHA512
9ef9a079a19cc7a88cb4e495d21b5a838f0d2f3cd93c7213bc79311f3ca4ae29ac09962bf0f48595d97d0a7dda7ef269a3dd141523876bb55805116337126be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\5b9fd4ff-82ab-4279-96e1-977afa931260\index-dir\the-real-index~RFe59e18c.TMP
Filesize
48B

MD5
20e20fc5e0a381e2422b4bdd838b6a91

SHA1
3d089e0b4511359ba42db64689e6334c4ed1a4ce

SHA256
ae3f0bdaa979f749cacaff8e437d4b7b62545f644b8c26f03a6d9d4f7767c0c8

SHA512
b911a6d37c558572114571fc122335288141808d5fd92710a5047fe89733cbe4a8ef926bcfe421b367bdd8b86a4d2b4bfbe37957e8d204413b2928620bc115d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\index.txt
Filesize
114B

MD5
ededb7d1d5242e05a57663afefacf6c6

SHA1
ed79d16d1f08261ee904a46cc3cb2c9fb00f41c9

SHA256
a154ce495336362a029d93f7b1778672f0530cd3cd7da5860fcd403af0d2808c

SHA512
2f5cf57f8d78605511dd034ae5f073fa2bd73d45afa99b4326300aa910d4b4a95b11abbbb3e77f846dc983465fe491acfaa397d58fcb077cea27bace75679f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\index.txt
Filesize
114B

MD5
7f1f1ca4ec51bacafe2afd8f1cdefe9d

SHA1
c81ff217165b9e8b2db7be3346ed43be2b9ca608

SHA256
c71b1d63137259e3b4f118c9ca39ff5fcf97f20f068dde13d6fd79fa1c1e7892

SHA512
b055ec1194788d3c767bb022fda823f369ccd4ce2cd1ff3600666594b23890c5f2882f35bfec61e8ebf7d9f2433239e882114b31c036332a79eeb4ea1c98b2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\index.txt
Filesize
114B

MD5
52338273e67daea56d69b28b65de26bb

SHA1
039130e6cf085960ed038209cf6a1e3c7c0e1d6c

SHA256
0d22a0522a89a0fab81183e293ff3b4d45f76a946537c0d8ade135942a8ddb1b

SHA512
870e4258b7730e44882e5c1f668270308e035fcc3dc0728f1544a85244ad9330e2e2eb8776e62aff484771caae0a2a3fb8f117facbf5b2f588e38679bfaf5436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\index.txt
Filesize
114B

MD5
c186e68c4d6f7efcf891a54d5a59f049

SHA1
0993b1d1f9eb0b1a2171a07b38a967f15c20d571

SHA256
2817673f0436b3fed4c0c610629030a301e76089d78dfd9bf03827687a64173e

SHA512
a95b5cb513ca8392ede1272f1e8d7a45939f08b1916b9ba253f1cd79a79458f0555556d92ba4f70758979892602473dab813302ccb73e6a49fada646a48c3104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\37de72ed1751b20ac6cd8e3391fbd3fc590baf4f\index.txt~RFe59e1cb.TMP
Filesize
115B

MD5
0a17fb1a99de433f61970f3818f45490

SHA1
f516cece1a5343cb0e90012bea7b353a337a5168

SHA256
795b633ee068c41b43fcc7d7f3bae555cdc63332481b61f6c64d15f2e4881c7c

SHA512
6c95ec7891f3d93f1ea4c334d1bc844a327b5a6aa12412ebac3f631d318f58f7d7f7e63d3cbf527884463cfc1ad3b6a55e6ddc457eb1638272e0bcc8edd68d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
10KB

MD5
b1752c41675fe62f88e95b464bf48f27

SHA1
015576c035063e884658b867fa3b8096f18ad0e2

SHA256
5a56eec868fd08468bf84f5c4edebb68e54a39436ce21030cbc79c8cf1d40353

SHA512
42b94ec0e3d4e96379db9a1f91116ec2ce602b5223c20bae9c219107d7337852263cf3b944bd490cd187355c5f26da104e0dc5f4f8bd1d9ec39ada0a17faf092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
Filesize
5KB

MD5
e41c0ce01487e182fbbd2274975844ea

SHA1
276b24e7e10aa0fae9be8c0eb937b7a3cf8c448b

SHA256
9d9a5b3a60de60ea7e14e5b1c9b48787c85ca22cfc70d12dd9916ff78eecfbc3

SHA512
0a03c49907a8b72475a437fdf7a65bc43d07012937670e4f8daacbbe9ec14060810fa752314ca145b493ad83a018470ace362e4a66db93cea9c3f601509abd88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
dbe8341f4547f00f6284f656481f2742

SHA1
22713dccf3eb9f7cfc699c9ad73f15feb49bf950

SHA256
6539a26cf6c10e35c0d9690eef6e0ccdecd8a870828b417947ac06ad3c93d1ed

SHA512
f1fa76dc313b643e97ca3c47173ed0d62d1018430e1b95d74f6cd9d93e8994f98a9f86da714c2d60db36e9fd992ddc028fddc8b31972bc590fad49de33a4436c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59c2aa.TMP
Filesize
48B

MD5
6ff1f31808c86e744ab4669136a16c1d

SHA1
62a9d679fcda4fd364d8811b51ce50ab4defafcf

SHA256
3c4f7a8857bcafb14518e3537aebba2329a391093fe5b4dc16fbd8748dedd09f

SHA512
edad1ff4ba714535214adad7c081e1b29e85ebcb964ac0d062224826a7e90aeed6941897b72c320d514c59464253c3c58bf93734c00b8d27359563e0d6818123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ad6f4df0-be5c-4e21-985c-8d4d90194d24.tmp
Filesize
7KB

MD5
29bd67bf2ab175218b2eb877a03f5cee

SHA1
c32987b2bc31815bcfd9998979b9dedf9f85ce28

SHA256
13907e8d0ee9373104dadf570066dd9a3e2a47ddc50835323cde0503f78a295b

SHA512
68634886e631bdd57b1cc17c09d17450f4d1d056110ffe9b1d35a2bbf8e7cfcc1cf051f1c3ab3395ea0315d7e3db5d3745f6c437c86e4b78484282b4ff3fb6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
eb66b292dac8d7f2146741887eb95d35

SHA1
ecc227295dbb3a0c308c50d10bd990e0aa407246

SHA256
4927d517bae8975fb955d1833ffaffa4521f53cab8a5468155d8f0f8e97d0fa2

SHA512
67785a097934210cc335396596969eec298625e0993b8e16260fc1a63ee91e3c623fc19c29c197b30b20c95abcf2c219a8ed6d6730aae64386fbbc9f06126763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
aba412fbdb0eaf730499332a2391ce79

SHA1
6dd4e6027f06f17f8edb94bc531ccbfb82d7cdbf

SHA256
bb16bb413323f644934a9f3f00c697cc35819877b617e9d46145286505efb366

SHA512
01879e3d73c3f62c6db2dd4a1d0efe4828cea5516e21e41fe47db6e127c7db8481769f235a3285b6e50127adba195cb158de5af099362062b5b3521f78ad2d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
c75a909ebe260c70c132d553fa9a5ba5

SHA1
bbc239290b1121f5bcd11203b923bb5e0b2f48b9

SHA256
a3583e8d3a5cc2895781dea2204b55377c95f6266070f7082a26385738f24763

SHA512
1889920f928d860881b64a524e2bd428f7b3c3385dd7af7ccc601c03c0740c1844c97574250a21c23121fc4c2912806d5eb1c233cc6cddb65c973ef0908870ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
91bbecd9ddfb8db0d5a36c79d61acd8c

SHA1
d8a9c65d2d82d5aca06a41980aac0e362fe5fd58

SHA256
48b7e156390a53e7cfb1fb53a0d1f687f329d1f411b9e5202bd976275db07b02

SHA512
ac79fc50f72b56ac0fa821ecbd53c490a1f5d82eb1c557d714567dfdcbed3e650aa1c0bdd4d53540a39599c22c60153e9318ee0aa64a7eefa70c15bbbc15a040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
7de4bde55cf61f923ab2d74b8efe46c7

SHA1
87ea194463ca3146046d383b818ebfaf8a20d99c

SHA256
cc095ab78eddd86248f2899585ef309877057f76559bc46f0c724caabf39856a

SHA512
0f0caef956c3ff0393d5b3c850aceeafa8156056bf8a370b1897eacef7031288d530e612dd9f160265a4bacabbfc3a174e8d1d33d30068b1f3af147a3db62f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
511046d4eb84515cbed5e33d468ec38e

SHA1
7d34abfb9858022cdfe05209d57924c7f5f5170d

SHA256
a4c7acf6143d73453ccb42160e36765b29d407ccae42e59ef4976fb29ee976f1

SHA512
0e3ee88bee25ae45cfe500177c5f75bb0cb24508e5dcd107bdd76908ce9458adab65f55a847b4f6f3b550b4d075ebed4d80b7b3fe4d85357d9d2db6710050aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
3f551031b1e2b34b77f648a99161ec4d

SHA1
20c62fdbf7366e74431798245926cc626f28ebdb

SHA256
d55b3c6e193ae5e2a1b7303892341cebd52e03d7888b90709e5aa11e1886bf2e

SHA512
4af63fdd4aebdca0d6ef4b30075e037dea4758e29fe19dcc67b83e719cf258fedd194e52d84860bc6796f58ae9fce1bdd9c68bdf07423a8a0f3174bb6bf0719c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
980b20f6c31fd0d6f92c9d882f636c12

SHA1
eb75424e8672ebb1982d4a529330a289bf324d88

SHA256
50a75c639241ac454e9d2919d5d96c28f87c2a96104b4bd29d68979000b05ad9

SHA512
8b4393d440f7ff345880589c304b6f3cda5f2882bb29a7be7cf6feeb6a1dd68b0b394040512ebd32746baad02af9b158dfc09898d952597551ef8713bf22fefd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
114KB

MD5
3b2e25ae0304a327014e79177e131187

SHA1
55ee82b22883c655624ad925de7268a09dfbd294

SHA256
e258a1bc15d25bb25d9f499afcb810f34eaff9bf939908a38d3810fd909e2ec8

SHA512
de8ad084cbdde0763d9a324eb6d30549ae880ca61f05dde126e2fa376baad4cb4904e713f00787c1797d3eadaeaa082001f8c24f78e802d036d2a5f4f5b32b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
109KB

MD5
7bf3aa54ac523ed732000d5d200a6972

SHA1
3876773fd2f5d925dbac936b1def168ee24553f9

SHA256
c6fde098a4417d84d4c70ec9caf2d06aad988f56ded3599bf8c77f7a1129ad9f

SHA512
8b3ca9c5853cd54404ad09357ab6ecb579e087a3c97e8838476195fc7a9f19420402a683b4e3e80d8763e3711dcc16307572d8da01e877ac5bde14fac6bca992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5910fe.TMP
Filesize
105KB

MD5
158018faeb1f21b113b5d77178406f4b

SHA1
c151e2b6bad782e33544a01f05d9d15ead9fa661

SHA256
da5ffbd989faa0e9863594516455755f9fc3e87ffc2bac793883ed19fcfc53ef

SHA512
ae9314c8ae8c9404bf9f35a80ff0da507193054051da9b93dfadcd2812f320521e9e1a8b59321f57ccfd898a977e7aae95c868d33c948be0cd1fb89570ff5e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d6a26ebf-d202-4628-9a5a-ea73fc0b5e36.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BMT3HFX2\BatchIncrement[4].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\PCClientBootstrapper[1].json
Filesize
2KB

MD5
b3dce61d6e1f0c93d0850e5c5ef96785

SHA1
228b640c3c9adb20ac9b8578983c368fa2f94092

SHA256
a8ed9e3c8ed9b1d45ceceeffcfb9f079a9d408956332d5d6278a109344d22cfd

SHA512
60d0135cf6871b1b5d8e915152ff54061f211b2f7114c7ae96f2017dfdc53c760e06aef38f5c634e696b0146219d7e25f68f48d15a78f2b25f46ce66c30a069a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TTLFUYWG\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZORDDSXE.cookie
Filesize
68B

MD5
ef355e33aeccc7195d70cf84c85dd278

SHA1
e0a1dd9681d5f418814f250e43ac88fca71e8943

SHA256
5ae2cf1544dd1d6e43e52027c6a97441c76c5eb341f7228ead4eb3a045f1cc75

SHA512
d350997dce4fa673bc8bf0376360002adb7487422d24e61650da09be923e68c1a9c944bae74b55a7de7da5e5623196a0ac42ba8083286541d6d77556d80f5713

Download Submit
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\app_data.json
Filesize
387B

MD5
410a849c515c8313430216ce45ff7828

SHA1
2bd2ffdd4b4a2b17ad22b00fd281347fc5ce7dc7

SHA256
df3a64e68a490c2c94cb9306172782d81c7068ba5541b0c9cff258153b22f7e5

SHA512
15ebaf6650825f3637a37744e6a546e395f6d95595bf6e2c2b0ba44b7166ce1fbebd45240e7b95b2d1065c548a3b7bd46629b7dc21124a000435db8c2a86cc10

Download Submit
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
Filesize
120.4MB

MD5
17beb85608d1835805aea0932ce7f4c1

SHA1
f0151a51ca13fd180353b1c3b44cbe8b1352a618

SHA256
773c0cd0531758a680f32adc8c595f016e36e28072ecb31bf6680b0ab8a243cc

SHA512
01c08c6a296e0be5fed932aba407b328600ebc69802e7265fa4cf3a941fffca5c032c00e3322f4345a81ff1bd03a2f03bdf9a0b65f669711a982d5c53c75eb35

Download Submit
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\settings
Filesize
162B

MD5
45455e3329e64fc2fad870d554be9787

SHA1
f3e626e9c0565b7540136816831348ee83e88d3f

SHA256
8cb05f0ce433a8bcd61e03974016c91bcecbb2b0165f3d3ddcf18a1d50058f85

SHA512
22462686af1099f08b4c6ce0af3284a5e28eb2a8b1de9c77934a3dd6befc7adb49c3b76de8bc7b2ddf2cbc3c22a6f46ab2a83555b95d86e707ce2053737302aa

Download Submit
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\settings
Filesize
123B

MD5
4a21f9904cc58318a8d88877d7ffd042

SHA1
e5fa057d776dcecfa9f4e360ad2852a2d03e5705

SHA256
7d462273c3cb81d9094956e42c32a81ebfa55b0a71e8937b35d8278f080a1b51

SHA512
efebcb120c359ee30d0ac92579a719551d8c2ae2edc186b97fe6c1607b58a5dffba83127c286bbd27c5a97ca973d87537480b00a0ea4b68857e37d3d1d1cb8f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX0709237810B04CE18C6A8F3F95E6FEE9
Filesize
91B

MD5
934a11b8eaef18e6790e660f167b251b

SHA1
1195e4573af3ac1c966de8210b162d76f57df7e4

SHA256
8a8ffcca05368fdf6f8941aa5ebf50c565c4946e660dac731827703d5d36665a

SHA512
7b9ec190b7cbdaa40921a775beb6cc245f9e92b12785d0c1a9fc6285a996a809a2c80546a099fbdf5e2628404e4cedc2ab652f3e02c27012fd2fb3ea6d1ddaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX60F1C131E5544A0B842253CACB5D70A8
Filesize
91B

MD5
9de52d85b06da1acd48afa0d6d1d19aa

SHA1
6683b9c8eabeb1f315873fa6bcdfaaafa9353ad6

SHA256
8b231ef4bd7d12979f583d8c1b89c66ae7e379d6557a1bb6bfeffcafc15f1a2b

SHA512
f3c1210177102ad92dc8661720f12f4c6aed3a86991b59c823471464feb2eed41cc1512acc864cdace009852380701c20a694fdc0311d5a023c2b9298979c8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX825B571122B4443DA2BB613B5B2C1EE3
Filesize
91B

MD5
b04c0dc18c7d55cd67b193981117e8e5

SHA1
de1b8da5292626c82c5369243ab17e1fe87819e8

SHA256
0e9e0d48cb004bf17d389dc2d43451e7c45546210703bf2c36048568477f538a

SHA512
e6a2aea601a6cc021d9537fd56eaf034dbc5932f9dfeca57fa69921733af8d1c22fa4997a596f2895ca60a9a064ace6a135a8c5893381595521da9cdcfcfbef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e8859044e4d1fdd2bc780a48321dbe95
Filesize
92KB

MD5
9424d7f4c28ea133259fec169b3c82ca

SHA1
d19c8561f6b52cdc1d28f133b12bd4e5fcf9c7c5

SHA256
0c8ddf8c2f1ffeea20c75f735b8e46dcf7708a8f747714c7611ffe74b11a1e50

SHA512
377cb026380c192688018cf503da710ef50a917efe26e881540f9b430f5bf765e2514e89379f55d8e35fac376c389a027f3f8c5c01d5fcf28f5b55a1de859e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Filesize
40B

MD5
e697c7bc9e8576ee7c19e048b4d32870

SHA1
c5383a915cee32b995f305f5c0dae99b171ab952

SHA256
78044edd489d4e0689604d976de32b5a1b976731482145ff5632d93e8f1a2ac6

SHA512
225e47084ca1f672f3a4f2559c6cdce0edd2804b47a80582895bf1e88647fb1d1b5c1cfb50771821ac897913352202515584d31b2e3b82181c08de1eacb77a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu41E5.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu41E5.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu41E5.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
11KB

MD5
71e29dfc0df923ba2188b84df3d41758

SHA1
3d64509870fb6532d857da65b53db5d717190403

SHA256
1748d9c9694aeea513d051be2dab376eb109e8be824a3c3769882f871d59d226

SHA512
0b8dc417f5234d48dc9ccd23a824e0aaab847364e9027aa024be9d659227ce2bb4ed3a953a82038ab2e19b323e1ff30886fe52c63ab3a462f5c69fd505352dee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
11KB

MD5
f66b1902a8e214ee776c28bb59a18a30

SHA1
7429f9299a863e5ba8eec2d743c8ab3bf914ffc6

SHA256
f3663ce01ad4deb7d48cd3d4348eb811fa06bd6918a84e5e6271be14031d4b3b

SHA512
d492876b2195c744f5403df23d8cef77070afe451761db54feb3f4512ec62a9eb1147cd34d8cfe274b6046d7055b5c82a8df895ee73eb49edb7568c751b4556f

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\9967c3dd-ea9c-49e0-998d-fd46b5d4f490.tmp
Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\Network Persistent State
Filesize
263B

MD5
d2dd509625e692c95fe3be48233f732a

SHA1
36b67ac439faac59791b493cdb458f67d52ab45e

SHA256
41c84e9ebddb6362e9b835c966ba7438fe44f1b8518c55eb5d2b65233ee8c8f7

SHA512
deebfbe095d9bfd4fe78b3f16cc040c67eaf207fe9efebf1d0477104295c80c827ef42be374be727ffc9b87256b464a31866ddcb7296b4841a657e42435a6388

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\Network Persistent State~RFe60efe2.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\app_logs\app.log
Filesize
8KB

MD5
978ef5dc6102d40ce0b06765a506cf60

SHA1
4e9e67e1fdd6019f48cbebdb20b851677962e3c1

SHA256
a1c8b90226f58104e3ea05c9ef5f2fd47f43baae71497f008dde92fe9029757d

SHA512
c67b7b972a521032328c43a010b45911ead6afcfb88853098f7de5ecce79b9be34f3da3de99395b1539f1da630263f161c60ee10b64be5fede37eef3c50b0558

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\app_logs\app.log
Filesize
8KB

MD5
978ef5dc6102d40ce0b06765a506cf60

SHA1
4e9e67e1fdd6019f48cbebdb20b851677962e3c1

SHA256
a1c8b90226f58104e3ea05c9ef5f2fd47f43baae71497f008dde92fe9029757d

SHA512
c67b7b972a521032328c43a010b45911ead6afcfb88853098f7de5ecce79b9be34f3da3de99395b1539f1da630263f161c60ee10b64be5fede37eef3c50b0558

Download Submit
C:\Users\Admin\AppData\Roaming\recroom-launcher\log.log
Filesize
4KB

MD5
57dea21562a785b8f78b04597fbf972a

SHA1
06f3de4a8b233ce91d051aad22e74549fe705ed6

SHA256
0116bc0e0022224f6504a8dab485cc738d3d502a7fd10db663af2f9cf05e0140

SHA512
d45b2238acf8313cb6c57e1eb5f5d02509a366cd6f3b15a866d8ab994e2d1d5e406855f4c22a116d188481ae0045fa252aa8f591b2cff53b83c3b65dac6a8c81

Download Submit
C:\Users\Admin\Downloads\OculusSetup.exe
Filesize
4.8MB

MD5
1217235d02d1b9e66caf9d1a2668089c

SHA1
4c1b8e904e7f2379bbdef6f9f37c4b87939fb72c

SHA256
cae414e3532559763e2aa22b3d2c1b1fe6750b310cad2923cbc92c26dafe67ab

SHA512
6ac13729ba0ce69664098f09c1d55e2680a2e5f6514c48a27e9d29e38219b995ef4abfc9e2375ce160fa14baf3261d19fd8760244046570f79d062a3ba657c9a

Download Submit
C:\Users\Admin\Downloads\RecRoomSetup.exe
Filesize
82.3MB

MD5
534ec7e4a3098edd42ad96fb8df2a602

SHA1
a337cfd796e0423f47a66715afc9632a955162d7

SHA256
a6d1a04c9964fc2350d86930aff7a1b0ffa0142bc39f6c90d0720e5cd5410294

SHA512
2645c6bb429285584fbe4f7a37fa1d41f50f9d3c88e9b7416f590740caae95ccbde38ca67a00a150312e06a42b84ae254f8d9ed103bf6a9e7ea7ee143e7a9507

Download Submit
C:\Users\Admin\Downloads\RecRoomSetup.exe
Filesize
82.3MB

MD5
534ec7e4a3098edd42ad96fb8df2a602

SHA1
a337cfd796e0423f47a66715afc9632a955162d7

SHA256
a6d1a04c9964fc2350d86930aff7a1b0ffa0142bc39f6c90d0720e5cd5410294

SHA512
2645c6bb429285584fbe4f7a37fa1d41f50f9d3c88e9b7416f590740caae95ccbde38ca67a00a150312e06a42b84ae254f8d9ed103bf6a9e7ea7ee143e7a9507

Download Submit
C:\Users\Admin\Downloads\RecRoomSetup.exe
Filesize
82.3MB

MD5
534ec7e4a3098edd42ad96fb8df2a602

SHA1
a337cfd796e0423f47a66715afc9632a955162d7

SHA256
a6d1a04c9964fc2350d86930aff7a1b0ffa0142bc39f6c90d0720e5cd5410294

SHA512
2645c6bb429285584fbe4f7a37fa1d41f50f9d3c88e9b7416f590740caae95ccbde38ca67a00a150312e06a42b84ae254f8d9ed103bf6a9e7ea7ee143e7a9507

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\pipe\crashpad_2492_UPRNKDYTAERPYYYG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4712_CEKULCFNNWCIKBUD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\nsu41E5.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsu41E5.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsu41E5.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
memory/388-4953-0x0000022A3A4B0000-0x0000022A3A4C0000-memory.dmp

Filesize
64KB

Download
memory/388-4868-0x0000022A3A4B0000-0x0000022A3A4C0000-memory.dmp

Filesize
64KB

Download
memory/4320-6555-0x0000000005AD0000-0x0000000005B04000-memory.dmp

Filesize
208KB

Download
memory/4320-6606-0x0000000006110000-0x0000000006122000-memory.dmp

Filesize
72KB

Download
memory/4320-6770-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6722-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6552-0x0000000000A50000-0x0000000000EB6000-memory.dmp

Filesize
4.4MB

Download
memory/4320-6553-0x00000000056E0000-0x000000000572E000-memory.dmp

Filesize
312KB

Download
memory/4320-6554-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6720-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6556-0x0000000005E20000-0x0000000005FE2000-memory.dmp

Filesize
1.8MB

Download
memory/4320-6648-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6566-0x0000000006520000-0x0000000006A4C000-memory.dmp

Filesize
5.2MB

Download
memory/4320-6571-0x0000000006290000-0x00000000062A0000-memory.dmp

Filesize
64KB

Download
memory/4320-6570-0x00000000062D0000-0x000000000631A000-memory.dmp

Filesize
296KB

Download
memory/4320-6572-0x0000000006390000-0x00000000063F6000-memory.dmp

Filesize
408KB

Download
memory/4320-6573-0x00000000062B0000-0x00000000062BC000-memory.dmp

Filesize
48KB

Download
memory/4320-6574-0x0000000007300000-0x0000000007386000-memory.dmp

Filesize
536KB

Download
memory/4320-6646-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6593-0x00000000073E0000-0x0000000007402000-memory.dmp

Filesize
136KB

Download
memory/4320-6645-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6644-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6603-0x0000000007410000-0x0000000007760000-memory.dmp

Filesize
3.3MB

Download
memory/4320-6634-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6610-0x0000000008AD0000-0x0000000008B36000-memory.dmp

Filesize
408KB

Download
memory/4320-6611-0x0000000009120000-0x00000000091B2000-memory.dmp

Filesize
584KB

Download
memory/4320-6612-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6616-0x00000000092A0000-0x0000000009374000-memory.dmp

Filesize
848KB

Download
memory/4320-6617-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6618-0x0000000009260000-0x0000000009268000-memory.dmp

Filesize
32KB

Download
memory/4320-6619-0x000000000C250000-0x000000000C288000-memory.dmp

Filesize
224KB

Download
memory/4320-6620-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6621-0x000000000C6D0000-0x000000000C746000-memory.dmp

Filesize
472KB

Download
memory/4320-6622-0x000000000C650000-0x000000000C66E000-memory.dmp

Filesize
120KB

Download
memory/4320-6623-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4320-6633-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/4488-2245-0x00000000086D0000-0x00000000086D1000-memory.dmp

Filesize
4KB

Download
memory/4488-2240-0x0000000006660000-0x0000000006661000-memory.dmp

Filesize
4KB

Download
memory/4488-2241-0x0000000006670000-0x0000000006671000-memory.dmp

Filesize
4KB

Download
memory/4488-2242-0x00000000086A0000-0x00000000086A1000-memory.dmp

Filesize
4KB

Download
memory/4488-2243-0x00000000086B0000-0x00000000086B1000-memory.dmp

Filesize
4KB

Download
memory/4488-2246-0x0000000000A00000-0x000000000612A000-memory.dmp

Filesize
87.2MB

Download
memory/4488-2244-0x00000000086C0000-0x00000000086C1000-memory.dmp

Filesize
4KB

Download
memory/4944-4175-0x000001642ABB0000-0x000001642ABDD000-memory.dmp

Filesize
180KB

Download
memory/4944-4051-0x00007FFD7A740000-0x00007FFD7A741000-memory.dmp

Filesize
4KB

Download