52c33068b9931fdc17faba5a22551145953a49cc9937b22ff5996d64418c2615

Resubmissions

31-03-2023 17:52

230331-wf796acb99 8

31-03-2023 17:51

230331-wfhdqsde6w 1

Analysis

max time kernel
231s
max time network
279s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fluxus/Fluxus V7.exe
Size

3.9MB
MD5

b4f9cbca656fd34c4dbb1d706a7f1ad3
SHA1

2b95d88a80ccb619b581c420f7435c660cfbb28e
SHA256

1e022d3886700317e5c41977de8fd595db5fbb3529164048ed09ee7efdb5711d
SHA512

5ed86eaf8ae42d9a8f0dca9776e25b3c2232434b32088df7feaa8149886594f1d4b1e37c597597eacebdb4082e0263441a6b78def5eef2ad610a6875c28fe969
SSDEEP

49152:UgLIR9JyCns59qfuce05XlWycazyClY1YH8PnGpv80tbvvqVUcH:UgLIRfyC7egWJa3lY1U82kmvvoUc

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 7 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

pid	process
432	RobloxPlayerLauncher.exe
1672	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
3480	RobloxPlayerLauncher.exe
5060	RobloxPlayerLauncher.exe
1572	RobloxPlayerLauncher.exe
260	RobloxPlayerBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\Analytics\RoduxAnalytics\Selectors\getSessionIdByKey.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserSearch\UserSearch\.robloxrc	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\icons\ic-unpin-20x20.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Models\ThumbnailRequest.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingCall\Util.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxSquads\RoduxSquads\Actions\NotificationToastCleared.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Grid\GridView.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GraphqlHttpArtifacts\GraphqlHttpArtifacts\experience-details-fail\games.roblox.com\get.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Input\Ring_padded.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\FriendsLandingEntryPoint\mapStateToProps.test.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\TopBar\close.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UnitTestHelpers\UnitTestHelpers\mountFrame.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Shared-9c8468d8-8a7220fd\Shared\ReactComponentStackFrame.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UGCValidation\UGCValidation\validation\validateLegacyAccessoryMeshPartAssetFormatMatch.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\SelectionImage\withSelectionCursorProvider.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Controls\backspace.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Radial\Chat.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\DeveloperTools\DeveloperTools\Classes\LibraryDebugInterface.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Help\EscapeIcon.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestTypes-edcba0e9-3.2.1\JestTypes\Global.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Scheduler-07417f27-17.0.1-rc.17\Scheduler\Tracing.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\luaUtils\stringify.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-9c8468d8-8a7220fd\ReactReconciler\ReactFiberFlags.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\TenFoot\SelectedGradient.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-9c8468d8-8a7220fd\ReactReconciler\ReactFiber.new.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\avatar\heads\headC.mesh	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\avatar\scripts\humanoidRunFamilyWithDiagonals.rbxm	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\TagEditor\VisibilityOffDarkTheme.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ReactIs.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Container\MediaGallery\Single.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AppCommonLib\AppCommonLib\Signal.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\validation\__tests__\UniqueEnumValueNamesRule.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialModalsTestSuite\SocialModalsTestSuite\jest.config.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\SocialTabEntryPoint\mapDispatchToProps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\DeveloperFramework\MediaPlayerControls\play_button.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\common\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Commands\getAutocompletePlayersFromString.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\AtomicBinding.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\PivotEditor\PivotEditor.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Picomatch\RegExp.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingPresence-62e482f4-4f4187d1\NetworkingPresence\buildApiSiteUrl.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\PrettyFormat-edcba0e9-2.4.1\PrettyFormat\plugins\ReactElement.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactRoblox-a406e214-4230f473\ReactRoblox\client\ReactRobloxRoot.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Container\MediaGallery\getShowItems.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\installReducer\VerifiedUsers\init.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RegExp\RegExp\RegEx\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\2D-Collision-Matchers\2D-Collision-Matchers\toRect.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\optimism\initTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\React-9c8468d8-8a7220fd\React\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Http\Http\Actions\UpdateFetchingStatus.spec.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\TerrainTools\icon_picker_enable.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SetAlias\Lumberyak.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RbxDesignFoundations\RbxDesignFoundations\tokens\Desktop\Light\Semantic.lua	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247660063061577"	chrome.exe

Modifies registry class 64 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

chrome.exechrome.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

pid	process
2120	chrome.exe
2120	chrome.exe
3904	chrome.exe
3904	chrome.exe
432	RobloxPlayerLauncher.exe
432	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
5008	RobloxPlayerLauncher.exe
260	RobloxPlayerBeta.exe
260	RobloxPlayerBeta.exe
260	RobloxPlayerBeta.exe
260	RobloxPlayerBeta.exe
260	RobloxPlayerBeta.exe
260	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeFluxus V7.exe

description	pid	process
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeDebugPrivilege	4280	Fluxus V7.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2120 wrote to memory of 1772	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1772	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1496	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1528	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1528	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe
PID 2120 wrote to memory of 1600	2120	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe
"C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffabd119758,0x7ffabd119768,0x7ffabd119778
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:2
2⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3300 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5316 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5780 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5732 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2732 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4716 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6136 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3204 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:3236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5636 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:848

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:432

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x798,0x79c,0x7a0,0x6a4,0x7a8,0x13ab480,0x13ab490,0x13ab4a0
3⤵
- Executes dropped EXE
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5656 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5960 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:1
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1820,i,9977805226328232236,1931597518810629283,131072 /prefetch:8
2⤵
PID:2888

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:u5Qxvcg_Y0q9ch4KX6lRKfi3cfQttU4th3uyrEz4qWVWbAylKUfRdYmrvER4kPs7IvZSgU-KbqpTYm-TUV1rueyGI1tia4dn_ecJrLe4F4LzYLNMBLfyxjROCqm-t_1R_Y0xe9AiS9E6ZrZXi2CSA073fbfpgB8xtvenH7Nt3WNKYAYyQCY3SU06mhXU5ZXf5W5Cc5KqlwMXW7xRPoKvzmlNWLNBv4hAjh7p1TVafps+launchtime:1680292608396+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167633362403%26placeId%3D920587237%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D52706d9d-b5dc-4869-8aaf-6569b1b0f552%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167633362403+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:5060

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x714,0x718,0x71c,0x6b4,0x6f4,0x6fb480,0x6fb490,0x6fb4a0
3⤵
- Executes dropped EXE
PID:1572

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe" --app -t u5Qxvcg_Y0q9ch4KX6lRKfi3cfQttU4th3uyrEz4qWVWbAylKUfRdYmrvER4kPs7IvZSgU-KbqpTYm-TUV1rueyGI1tia4dn_ecJrLe4F4LzYLNMBLfyxjROCqm-t_1R_Y0xe9AiS9E6ZrZXi2CSA073fbfpgB8xtvenH7Nt3WNKYAYyQCY3SU06mhXU5ZXf5W5Cc5KqlwMXW7xRPoKvzmlNWLNBv4hAjh7p1TVafps -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167633362403&placeId=920587237&isPlayTogetherGame=false&joinAttemptId=52706d9d-b5dc-4869-8aaf-6569b1b0f552&joinAttemptOrigin=PlayButton -b 167633362403 --launchtime=1680292608396 --rloc en_us --gloc en_us
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4276

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5008

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x71c,0x720,0x724,0x718,0x728,0x13ab480,0x13ab490,0x13ab4a0
2⤵
- Executes dropped EXE
PID:3480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x304
1⤵
PID:2652

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
PID:848

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:868

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:4120

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk
Filesize
1KB

MD5
49855f70bdb64df8685e21b2b3fff5cf

SHA1
d127af5429fe6cb37e6239b0565f87e52bc9ac9f

SHA256
5add6ebab099e36d6c6c395bb6f0f2e90dfab71b491340c36e9ad31b0f8dd9b5

SHA512
da6016c16d472123bcf31951e519fa89e85e986865a622bbf3e85e94b6a1e10f41881577cb3867110a00cf4bc278fbd808096cc8ece8d6ad5149c5dd8f88371a

Download Submit
C:\ProgramData\Roblox\Downloads\06ff5eb42b98c4785d78d96ab1be873a
Filesize
449KB

MD5
06ff5eb42b98c4785d78d96ab1be873a

SHA1
c0132a0defbafdcc54cfe64c20bdd215193958b8

SHA256
4fd4cccbe0ae0d34651cf799712d9632398a542db2c4bad2e14b11dc304d4ac0

SHA512
607b4463c2710e45e28ea6133a4d89aef49dd8199ef40a8a0ba3eb51de929abe0dd4658b46e9dd33499b8bdbd0b0f1332f78bc9cdba00eece73771f26b3b9bc9

Download Submit
C:\ProgramData\Roblox\Downloads\088421f57a5391c690afd2fd76c71144
Filesize
5.4MB

MD5
088421f57a5391c690afd2fd76c71144

SHA1
71754f022605ae120fe24d4effe4d61f7f2c6e07

SHA256
8945ba1ae728b7ce2a0a180bffab289388d36da0e18a2dc8c8f2cb20702b3a53

SHA512
bc423988c668fe9f8464ae1ba1c227bb971e22fd839511f4559702b35d953494464de6c7252221e6daeb6b40d12560180f81c183c258c165ef0a687392353564

Download Submit
C:\ProgramData\Roblox\Downloads\0926a18c062dcf2958fbd01b902e626b
Filesize
8.3MB

MD5
0926a18c062dcf2958fbd01b902e626b

SHA1
5731a3ca5bc557de08b74cad2fa06920fd8d340b

SHA256
530fc8c1ad0e40d045e53aa379559d81e3a6e12f09ed1a88eca97dad2081a360

SHA512
106369f26272acec1c48e85e379cdb1e68cd49633c4f8bdb7c3db86695744815458a7737713163cf5b4043a4dc691d8eddb0e81446c15dd640d5613d9a07b1fb

Download Submit
C:\ProgramData\Roblox\Downloads\1d0390337d1a4a58e5514be1a9481ad6
Filesize
2.3MB

MD5
1d0390337d1a4a58e5514be1a9481ad6

SHA1
0c09b611223f335af2a42dbc371dc95ba4f18979

SHA256
c79f0eeb2bca4905c585c50333db3c6f727a554f5db82e64948f93668fbc18aa

SHA512
382e5d7a61398d54bf15bcd928ec7755817fe92a860840efac6f6417229678cb1fd1756c5a7c82e02754a23732f63882c4a640bc6d73d28f30110d0028ae6fb8

Download Submit
C:\ProgramData\Roblox\Downloads\23c057b9d69d7d11ff353d9cd2e6c3f4
Filesize
44KB

MD5
23c057b9d69d7d11ff353d9cd2e6c3f4

SHA1
68bef9d21cb91c48758e5b9750ac75a5073e41e2

SHA256
79e148967a90daf0eb53d37d6199e399da6f1207a64d4793b6227e65d1eb0e1b

SHA512
aa30baf044d02da17bd54fb93f3e1c31036c3ec729ce554174e17d99c2d27e6625aa9e5c3eef9849a8ffb7d898761165da0037df02c7e279e0c2eebd697487df

Download Submit
C:\ProgramData\Roblox\Downloads\3e301a3b44f7c333df7889f3dd9bb30c
Filesize
430KB

MD5
3e301a3b44f7c333df7889f3dd9bb30c

SHA1
8c500bbf0b77b3abe008300c999a754f3bd90b36

SHA256
80f9b96071ffee2cc4b3631cabada8a8ad3ee44ee4d2ecd20712592921857560

SHA512
f83871b1a05ef897822df778c41fcbc8adcf4af3f953baf8a0ceb5463748f14082cdeaf0c013f1f414608275033c11beaf4c9874a2cd71717e7fd0c4cced81b7

Download Submit
C:\ProgramData\Roblox\Downloads\6e2fbc32b652b2b6064aa159399ec961
Filesize
36.9MB

MD5
6e2fbc32b652b2b6064aa159399ec961

SHA1
5aaac02824edf1ccc5868eef06214065484c57bd

SHA256
86c18fbbfccf4c9a3801211af8d48682200a236e1ca9504af8fd6f02cf3f535c

SHA512
55b796ca6815a883d856b3dd215811260723028c4395c9557b8a3f5d49af960e749bd200ae68b14a11238a66dc621327e7e488c20f0c3e4941df5eaba1e8d384

Download Submit
C:\ProgramData\Roblox\Downloads\cd77e0e77d698260809f8ae8b3993740
Filesize
364KB

MD5
cd77e0e77d698260809f8ae8b3993740

SHA1
efb2b983dcced8e89fca30e9c6b77a2c57c9dec4

SHA256
c21c2ef75edef71ea53dd1fed5470cfa3d513d22f8cdfdf2431e43fe8ff4c95a

SHA512
5d56129f15789105b1428712a3fd9cf3ff436f957dc8177e301d1a96c440ea3fe944610eb99b638871a0607d01b555ecea4425ea3a780c95c32df6cf191b73fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize
2KB

MD5
76cdfa1e64786cf8a512565aa156d674

SHA1
c34fdc21105fbc45b3b7b2bdc56a22e3806b3b9d

SHA256
4d24972297733d46782d4bb9ec3095429d308ed0598508eedff9b6b73e49f909

SHA512
ce1266af7dc4661f200f33268adbdf57ce5454693068d966fd12066d2d9acc71b4338129564350a49effaefefbd25b8483391d63b0b870f1d5625e880279fb91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
afeb947700934e6495db2ef5ea714989

SHA1
04b3bf94f26b6721dbcc1a82bca036c02a911c49

SHA256
4f5e96a0e628ca7309c330d38643b917c965130949cef8fa342f2f478341f187

SHA512
ddf567306b9ea5439efc12896df20f05568694fd645641f98a1a156e58948e82fd06649a6f0f1ac37b176f5c52d99ddd25d72ec0d63c85ee8235b2c1a5e3bd70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701
Filesize
472B

MD5
ea599180805480f5f3c4a5aeaf9fa5ed

SHA1
3384c93bf6926b7141c269f9fe5a3b45ca6312dc

SHA256
57b2f1eb3795614be85f623ac1efbe436502c01c280a955f34e7b9725cafcbe2

SHA512
86a55bf900e39606afa9765d7f02c67f8ff88f12db14718f159f8d462590f30831ef621ff1dc6be6a57ae962fccf4eee78b6d318f784bc1c6622ba85b3a505b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
1KB

MD5
6a3b8331e801f083b403b0857ed8d574

SHA1
48d275731f1dbd0630d1ca55a1b05f149a011d1f

SHA256
98651a2da4a4613bc2a03c4128926fe6b05f1af8a7a21e1fedec75db013706a0

SHA512
7527b8857707c8822e4b7f5049ddc9b4c49933e68535690746d84b7f0187a10f36e874719bdb1bf3ba8b035568a7cbafd687b80c4621dc35552d73f7e497071d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
21ed9ca0f4579a63723066fab3cdb1e9

SHA1
625f8780cba0177fa7d9b747df0bd45511ddc900

SHA256
818a6653f6011a83d251998208826644fe68d228a739c87ec14e470e10817889

SHA512
203e8fa995dfd86617536e1fc445fa1fdfbc0ec462d238cfbfe1d03c81b51c81297335c4c54503070c25897858fbedd659c348ab994f9195635ff75a0f3ecda4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
71288df6e69e139111a733ad7b94866a

SHA1
9f756b5bdddb2eae7e7bf2678440117026ea8b54

SHA256
7441007a5974bcfdee443d0c1fe1c40d7e7f454fc0712501eb7abda978877837

SHA512
efab7742dd31b5397da0bf2940e9bb8de89702c39b6f062194caa33b31346ee646a3b4c622e9bc42b4ea9ed94772098476a5e87ccdfd8af0be58a7a153ffc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize
488B

MD5
af31ebfdd36fc2071c95c94e023332b3

SHA1
22818a204833dc6807116ab685b69813d4ae7ea8

SHA256
2bd94e229efd185a89e97af4b34e7bab4930967fa738a15eb32b6bda9dafd25e

SHA512
b5fb2db47e1ddb21d58de7ebb14d2c65739e9f405a3781131d886c74e2710dd4bf8d27270f67df4c6272659f98d3c38b41e6448e9bf6a7baa17f18c19d224383

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
7cdba6e8ada63f58bf6b99618dfea9c9

SHA1
41ddd353c57a6c75f9d14b2cd800c62f6f4a8879

SHA256
49dccdc0fae6983ed029ffd77f4022e456480f18efdfddd738fee0ccae8e85b4

SHA512
0c48ba67b31172160923ee9b205ed213564c5353f3430448de2c43676be409d3b02f01a2c45351531874c2b4e5f1d5a338173de46590134a081ebbc3cc98c1ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701
Filesize
496B

MD5
4c9e52d3f350304c4c4371a07ba4ea4e

SHA1
025517efc556c099fb9fb9d94f716b4ebc50c5c0

SHA256
2ab856cca5ac69324df81b285998575c2fa248533d1b60b4481556af39ee1386

SHA512
a3fa0c3bd8c4f7a9a00423e98ce6bea76b987b01a20134190b9320b1e0660ccd1a71701a41c3d3d3711840fb7c7ad74795f6c7030688993ded6fb4baf34af471

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
482B

MD5
b9556adf127f33b3f4604c4192864fc3

SHA1
2a7ac3ce07412e4f6c754a0a9e0f7584b77669e0

SHA256
bf0f72fd86770d9cdb0006eedc2e021d6be53eb5e710c1200cfaff362aa288b7

SHA512
36f74e3e804ae779c7052bd7231b420b40230bf0768bcb2823654c429ee81380f8265ad0c79407c7fca6ec28bcad92e3c04d50f6c954fc5a30dc7079af6f1e28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
430B

MD5
ec917eba108954529f7b46e2fb8dae9e

SHA1
3c3ddd134e6b0d83760b6d9da97cea16da8b6a0c

SHA256
1b0d4c466543562dece2bd31a01ad67bdd84c2e72bb37156b20b4114f60b1a9b

SHA512
bf29b5beba14600ecda3828f2daf47ef6044c436a767644208620a0e57a5098130b0e7524be77b3431552b6adbf62d92f3841e80fd7444a62de988f275651921

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
91f0ebacfba32957c3ecdc36f79ddb30

SHA1
aca9c02e84c90a6090025162b78bf1842eebd519

SHA256
958e368d535c317f8437447035ebf15bb03a304c621b4848ac2ffe65712d4ea5

SHA512
9d0ae70ebddd24deae126c8d4a2ee2518ac298114616f685401aacab7e59c395181fb633dafedc41a4c8c715f5c898c75c1a3fcc8bc760bb37cdd9c7fd07789e

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx
Filesize
96B

MD5
b8103cff5ff17476e28744770a7a8104

SHA1
8cef04bcc6fd35d9b10194c8c71b8162c392dc97

SHA256
f8092b0e1985fff05d3ea09059cb16a2bd01f47c13355da3d1e2dc9b7a218e8c

SHA512
e07b4d16f14d0d3ff7dc30d28b6f30044dcb87bb818347e8e8f763ce43f340e96f791762c8ff338817ca17222f4f8b79e2dff2afc381cacfdab9ea0ee781d234

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx
Filesize
96B

MD5
b8103cff5ff17476e28744770a7a8104

SHA1
8cef04bcc6fd35d9b10194c8c71b8162c392dc97

SHA256
f8092b0e1985fff05d3ea09059cb16a2bd01f47c13355da3d1e2dc9b7a218e8c

SHA512
e07b4d16f14d0d3ff7dc30d28b6f30044dcb87bb818347e8e8f763ce43f340e96f791762c8ff338817ca17222f4f8b79e2dff2afc381cacfdab9ea0ee781d234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
65KB

MD5
02c3cae9d8fe666b0e8de0d7fd5bc107

SHA1
4efb6374f935679a6795daaf79ffdb92639c15ff

SHA256
be9ad65f4bd9f8e3bcf78a80a72d26ea9b35c41a7ebb3c3162855a7c8a779790

SHA512
e6add88df6ea2a1d26568b9287e205c85ee5dcbb6433f6e5031c2af2f92aef306feff9300d7881cccd5a0e5387589337f9f9d92cc6f2cac043229aaf360e99ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
96KB

MD5
9add8a2d0968db9bfeecea90afe78908

SHA1
0fbad9c080edbbfafa13582c16dcdce975ad8bff

SHA256
1de5ec9db21d2c963b10fcea854a1cc1d0cabbdecb268dddabd4f2294687e644

SHA512
851859d5643d30089a470a289b515098c5c1c7b6a0a4f832c04bcd291af250ad1d63232742fde80f606d0f3d7b6ab6d36326f643407caec62ff67d5c9a56dfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
59fa1229c22093a4299fe6fdf948f944

SHA1
0aa05e01d1b8669d1d682f4daee6fcf58c33f076

SHA256
a029254f1cf846bd691c1f5811c57df3d7c9533529fec8b09ba5c663c33bb44a

SHA512
432a00f777e6a2fa7cfe7e9a7ff483bae30d38d603d489644304e614e9aeeb2f01cc8be79ff0f79e4c8088fb8b3eda9f2563caebd62df240c50d7318b28e7f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
ca6e5a897780ae129d139e47bf21a3f7

SHA1
ea716e9d4622888068f818e18834ef88e25a6360

SHA256
dcc5ff548ee5e5c99cd555f0c2929f9e0078069198ae1f7a8f5a0a0ade0c7708

SHA512
8bd1dc5b48544062506dbd6375c7f6cc748ccc755c0cf515e67c4bd631d8a940cf845c26e26407616108aeea020f112c14ff32bb00cba0a118f3b57ca6b688f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
a47e2e1b659a2812cdb83138650fddc4

SHA1
c7488c2addaab7d78e0c59e1f81956e05ac1f6ee

SHA256
aa8c1c99d635a5d7afccc1ab182a3f60464201f318bf6f9e5213c57f95a69acf

SHA512
968d2b24baeccca4f0264181a246226771d9b0f0c05b6e3d3c8b33c039a848f71e67957c800e87f0e18622bd2b0430dd26cfe10671febeed83e93b920fd0b15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\53b1dcbc-4907-49ef-9b35-877a5d162603.tmp
Filesize
1KB

MD5
6839f3609d202896e77555052f37dd4f

SHA1
6cd14f7e49a762a38dee97d7b4dbf912c6e01fe1

SHA256
d3d5a7e3b7819325bec22c65ef33ea0dfaae9c71e5f2f695883167b273b2a2aa

SHA512
5834c622f1e6a8f81ec3a1d93dd54d898f132bd9daf414ecd199dfce41dadb0611eb8a23f635d82dba95df78eaafe2d075cfe46b65e45a3f3607bca0bdd3c877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
3b83394e6e42fbd16cc2440b5c795d10

SHA1
41e35e3a9b84e34cf7ce9718e6c571f571462abe

SHA256
5af4175299081f71d3e953e4893a4dcf8d145144121460424a6e00e3dc5e2a1e

SHA512
f87219fee43daef6994166647aaaf0175fa24ef7f4a69c1a01349b1f590f40b6d34e00d59c50ce7eb557155ff80d6902403aff8f90cc3c5567be36a9c97c08ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
b84b03e0305f6ffedc0f79dfc5c2cc99

SHA1
859421489009b36b25a40e1d19debc8925ca6c98

SHA256
b1f45ea56737ae464ab76373765c0db68a88f9b892400446252c22b145716956

SHA512
bd3552e7edcb23e7f6008379c4bdac68c9598fee367e1171647c1d43394290fa69ffdb29e967839e180db719c11b1d684005109fea413c49a8d3efcaa95a6b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
0eeb4413ffcd96f801801aadc1cb5d7a

SHA1
9f44766bf912d6b16a0fc90b6ae582bed36a4d68

SHA256
09c0fd14eb3b46e9e0c53cd71ae0ccd158f888528314f028a2d015dd6be49433

SHA512
dc315ed59867180706576ab7be8d94780e9e9e6458ef9a2b3447189679dc8b111f1c702b4a681eecfa42d2c65f6a524581ad7205c808b2a1e9c39aafd2b00aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
d3bc223321edee2e554b00c8dd2ebbe1

SHA1
ac2e23908399dc06f3efe67070c7214a856099fe

SHA256
21774b26ad527a57a128f00b8eeed5951e40b44c64ee59b8a12b3e0b5923444e

SHA512
4737be7e871cca0697e5ce28ffcc42572a1e59fdd38c1a2b2b4f412bbaf683fe33d36a31bd84acd4d23317758a89a29f6ed711c63d3faf26e9134ca0b9cab90e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
785d52ace6132e050f2584b08195063b

SHA1
3259537e5a9fcd74ec473e3b02339fdb35db1677

SHA256
5eaafb0ad6d430c9b64e197c5190f8217fb9de3ae6c2a7037af9ff56fe3354a8

SHA512
31386104f42cbcd8480819fb19a2ce25943baec94f2788da1f67919ccfff090e9dc571425ddbd1ca22e31896eb9ec1b2592c0da327f7722b625b7ef15ffc2222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
efb9acb93537263f28994fc32ac0d3ff

SHA1
12a13686b44d034fe01770f64f013fb7c0beaf8c

SHA256
5d867a2ea3b74f6ae6cfd78cee6b6d83406eb1b308b1568c01e6c2e80050e62a

SHA512
8f05a872813962bc1dc889e5717aca52254ffaeda6f44db3b89dff417caa65915dab204b8f26d43e56ba51e8cd66c79d673d4d25a3c565d8f050edf6212c4100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
760f14cb89ce2460403ee48be5b21215

SHA1
560763a69660fcd53776c6c9342cef0a7e055fe6

SHA256
b49be188644b0b2e5ce86b35346114317af2a3c11543c6310d9366a21c6b0534

SHA512
a2a8ca80851fe7ede90740d16839725e2dcd81b5311c80264226d132e7a5f9fd8df582ead1aee6fc2f8c61c5eb778a189959e387f2efffb7cc13c63933c66e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
9caf9773bba8de2814b9ee6769392f95

SHA1
e098cc75fa6ff3f3529e089f4c3a4b89c6f10fd9

SHA256
f5b67fc4632ace2f9135a2e014d765ebdc9563c3d9bfb33dbee59194060908e3

SHA512
2f3128e58aa30fdc927de2979a1423b2a5c59615c78ec53be9aa9e85335b7f5c4f9a56815eebe53f2536109b4888f437a853e43f93ff5c874da4118b206fb025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
523ed573893f4461fa92f1c0c601da72

SHA1
535c1f52fda1037cb5b853a4d360f8098209a98a

SHA256
4d01b3641fae90e858f19b0177a4062dda5e1b8c3d8b190cdff89130e8044f70

SHA512
617da7675ce44495c34c8edf08722546bf821eb4fdca5d3ac2ff579a5cd5110319dbe5a3098141c4a1ad5a83c000fe67b9cdb9017f5aed862c3d0ec325b67420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
41819c99d64dba813f5717b3abe97aa0

SHA1
c9b503a71b2f19ccdfe0933ab66f33f9ec2c60b2

SHA256
de78296239e8ac6e12e136d26e7151f38f96db2cddce141b4bedc97d9a2607c6

SHA512
b046b6b1c80382ad04927b3ffc829225a542270003ae6f9f1c23d00f211c672a78198b6a2b2a196a2adda7d8fa38d9f2345dc79660f88713215da91b1fb3eb22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7ad85360c192cba2a4afa611b80e9a96

SHA1
5417bd9274e85fe7967c6b50b22ebc0fe2166066

SHA256
d4bd5949c3f615e9f455828462984c639fa20200f8046073a270e3c0fa4bb03c

SHA512
c2fd72c2b6629e232b1b6c9c2eb678830f674629578dfd736e5fa8a0c6949db3ecb1c78a2263313d3b19e18bbdf9f9052a4bc95faa8a318e0b26f4c631704e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
03420cfc3080c1af3ed4550ab4b8b1e1

SHA1
2a3d00dbd5b04b1ce0b7ec736b6343ccdf0a3bd9

SHA256
829de8116c4d2a53905a2c091a41f9a3e7116d99ac1328cb208315b5d8c2bff4

SHA512
32645c0bd63704205ceeafc8feaffb96b6dc412550c8751d2691f2138a9235e971d48f61a63b7cfdc18a364b2739b00d1da66e00f89fcdbd6ec8d4dabbab7361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
090749b019fbece8528a866f2d892855

SHA1
79a15bc2f9827b384a7ea4215ca43d7b967f0ec5

SHA256
71f856b4cab28dcf4c77b35d37d864cc8770b7f4617b457672e8c39ecfc1d9b2

SHA512
6219e6efb89d8250c3b00eac3bbc30beb2f57f6312f31e88e21f5d379457be1152101ac782185bcaad380436e8a357e392e2141eeb5c29043c7bc126e1f124ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d0abdd513dc1ec2409c5db52059e634d

SHA1
fcdf95bba4791b5bde5946602c9e6ec18c95277e

SHA256
277f690d44e36f684641f9d79fea52ad283395d7dd7cf3ce41f354915d923860

SHA512
5171da4d1da8335e2856cae5a49d7ab101f70eb98382e739810983140a6f93258139841d0a87f6e7baef17507c399f2eac18e79120573ee18bd0936af9981ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e502189ee63c58a359626573d6ef5145

SHA1
97e2828a34bf150f14500bdad71a090503389d6a

SHA256
0741f273012b9587ba688af1524f429f71bea18483840741f3bbb712cda0adfa

SHA512
5cf02ed87257211b264fd9a4eb59163cc6a187e8545665580032428552b600545b94bf67cbf25bb5e52059e3d3fb7ebee14587ef07acbb7922d38c9a84688469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
72e82c382396da5b4eaef6ec4b1e245d

SHA1
3b1cd55d4d6df819c747906e7f5c8d2f2d40edf6

SHA256
f6dcbd1cc5ee48318ec5bbb106ade3fa6f5e8d67e7ba92b9711397fa8ef8426c

SHA512
f429c9b08c51208dbac5d7750a3fdec6f0d8acadaeeae9e02d9240163bbc5b9f34531838f058989c397382419b23d9c45377dd2d55f1217a5d9cd3e271484435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
79510f854aabc9dd44c4647abf2b7214

SHA1
85295e1d9170e9ee75b1380f549dd54946bb89fb

SHA256
51ddeb10aae9e90abdf6ad04669289189b1f571275d30a3cab4dcce04fc32c4d

SHA512
2cccc15c056e178f744baaf26bdabc254420e7ab1d72367297168416c6064a9bb5cf6b9393fec158b4f1cf11d4490b737c074e56342e641db8366b08beebfef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
76e4c528c6e6453c463cf2ba527d25c2

SHA1
b01efe86e42e256b9b4bae4d4dd3756170334875

SHA256
f2e1656470cb39576003e123f2bb0bf0cfb0201f1dcc4143a002acfbf7cf6718

SHA512
d2bddb46d8ea167cf6b76cf929a010a33a6389a680e5f26d7ce72ec115dca8ce38fb0509e62539a919be47dfda0431130612a2b7773e3e2a05339601383fe735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
fb26281fe73aa29bad6a1098bcb2c808

SHA1
5b02b8c61569b749869d87407898229c5101ed4e

SHA256
d183d8ba479396b033826d9960cf93410e3dbea37e86db055fd9735973ef6a71

SHA512
686e0882669e51314db8678727b19591a38548f23653ab3f7ecb035241a32af922de3be5c55d162975d0788e57207f9f573550994b44a4f7136863ae23b9c99d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
bcb61e269fc47a953cd6d5bb21a453f6

SHA1
6de1251ba895c18e677278ed2cd9e24c0d132420

SHA256
6f642a930df705d84e67905032135b758f33da4afe3d05ff20ed9fe349c61695

SHA512
2900aca6df8ebd3027ee193311785f369cadc1ebbc28402928ad88aa4912510b10e1795dc661a5d43d09db127eb8071cab5a5402096cf917374fce5847acd8c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
afb7f78bb45242edacb65ac98876790f

SHA1
94fe84d2e09815955812524a9df8787e5a83d27c

SHA256
6f7c1bd5f1169ecd948b874964fd37e886eee5b47a907ea8eac9983043c20d8b

SHA512
bd367ffb0f5389594d34322b990086e4e239154659eb2c72386d1ace6d2b99a44d07010d5452e18d3324bcca6e30d28fa4b8a4b57fd13dc9973194ac4f04725a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0f2f51968464805cdd14045da7caa7e9

SHA1
c66cebc3b763af8de31c32a8ff55bd3a89140176

SHA256
759237ed8fd63e0dcf7b65011df41c5835baf7664438587e7bf5e360eba2358a

SHA512
b80ab12f88fbe33592d28e257a68aec7965b55a58c9f670e2e32e3d9c2d259247d50b63d31c375f5821b8b7d6440b54cc3e9f59a8b318d6aef247f2685294e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c550023c4c3dc004f4eb7fc1440a86d2

SHA1
66f75996a8c0ef8f7f4ef2f93e0186dd098bce6d

SHA256
3dd0c189348420700ff2e5f70ab0b62f9779179d4df7c348ddc9aa55e35ea8bf

SHA512
e4dac2a20320f8993f80410396f724cc3a0c55cc37ea29df28523c7dc9cda83c372f3f8090b58f6414edd783f3824ff743563012ea36ed0e92ef1af33e13b1ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1d42d6e1340fa634ae5c9ca1dda3ee2f

SHA1
3873ca7e9948de8d094ebbbf0113dc8b4a9c57af

SHA256
cf135301c533bcf961fc097efcf37a14906eb95d8f50e6f29b836a2e968f3f31

SHA512
1849dde9f7a1c413e7f7464ac534a923914575042549bfcf92893ed6a3aef289b670d50084125af34f3eef487beacb2b004fd647a54ab18856a36aa815358870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1d42d6e1340fa634ae5c9ca1dda3ee2f

SHA1
3873ca7e9948de8d094ebbbf0113dc8b4a9c57af

SHA256
cf135301c533bcf961fc097efcf37a14906eb95d8f50e6f29b836a2e968f3f31

SHA512
1849dde9f7a1c413e7f7464ac534a923914575042549bfcf92893ed6a3aef289b670d50084125af34f3eef487beacb2b004fd647a54ab18856a36aa815358870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1d42d6e1340fa634ae5c9ca1dda3ee2f

SHA1
3873ca7e9948de8d094ebbbf0113dc8b4a9c57af

SHA256
cf135301c533bcf961fc097efcf37a14906eb95d8f50e6f29b836a2e968f3f31

SHA512
1849dde9f7a1c413e7f7464ac534a923914575042549bfcf92893ed6a3aef289b670d50084125af34f3eef487beacb2b004fd647a54ab18856a36aa815358870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
e02d2df0820423f8196d09bda45723ff

SHA1
858705e78768498a7ca6804653e755039d8a365d

SHA256
22a1237b9e74915654e30c34a1deb38956feb10017b401dffd860dc9bd651f8f

SHA512
f4b905d956a4234ad238676958a7a08fafe030a012fde1cf8738881c87792ca4c625362c9bef788b95a87168715a9b706102fbd5a97c6dc2f48729635bad121c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
0f8c54adc00654a5743c1071a66f81a1

SHA1
1d750064bec3b74ab5f0b1d7dba0753885afdf3f

SHA256
fbd44d3b0d2a3114c87ec5d0009f2e5b00517a9c9fa0aa37553476c7a900e53e

SHA512
6232b1e42446bf3614aeb39ee61bacfed69260a89421317c65998bd97a1254d94cf820bc5f209c1ccc06d3d8bc6f7378ec5517341a62eae263b4423b9a3c7c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
7cdc461fef7d9baeb3dad82465f1e52e

SHA1
bc0a93a3534b606977ce588524e042921a5e7a6f

SHA256
711f71bea100c76bae6131f113ff7194b82e17120420e19fb9ea422fe9f540dc

SHA512
73fc4a9442ecc070ac7eaaf2b8f14567949fa098ae327a78dcbb95f542d7e83d84bd96816d0c7a18e9402c35bc190bd36b3491b9ede185677cf5c14faf458a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
f69eadeb71f8785d113c7aa85f6dd7e9

SHA1
1c103f8d8968dfbc03042f0dfcc9d2f385100acf

SHA256
ee9a0e07d9cb06816739242c32e7b5140fd13fb2892ae604b45af35b5836150d

SHA512
d3cb33c76eebfaec02b00591652c01243dac5cdf06382453e5310b89242876088bed8c768e9141cce69346223f7fe43401daaab560902b5645d108841648d7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
114KB

MD5
16bdc0a4e0c312ff22e88aed08be30a1

SHA1
e4910b8e346e51e60bac3d7d6477321a9bf81af6

SHA256
33827c4e6ed3a56554594253afc31571927c2435ca0ee94d0554d6509b0528a2

SHA512
09b023ff393804adb911e5dbb35a4b49d42c358e1c2bd37a0cb4275d03eb0501413833c077bcfe4a3e5e7349c3ccf3d1604b254d575238d673eef769e2e101e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
f0ef29a2859458dfa7d1d54e53d3fb63

SHA1
c4d434f82be6f56ef7b3d80009f180b04b52242d

SHA256
a9c6d274836fddedd4a0d09919143dfbfb94f2ba164e5b5ee653b0e401318c95

SHA512
897520e322f72ca419c05938fbc86d41a22a92ce980287211fd75a248c1ca381b6783af767bc7a370478a2513f26cbcf57174977845de934638fae9a576c5979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe576cb4.TMP
Filesize
100KB

MD5
65e0eb20758f575004a81ae304e46e28

SHA1
1d6487e2944a8281e7959fe6bc4c45907c30987a

SHA256
300506d073d62e0d45c77ec7757426236ff54f92e69cea02348b332c1953109c

SHA512
679101e7e92236f00eec47a29c73c579bfe4f89483657972b7b478567875ce6fab3417bbb77edf69fc284833075adea68c908d504e19128dea14dbbb454e6495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\BatchIncrement[1].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\WindowsStudio[1].json
Filesize
119B

MD5
f5b73cd51eae57f64cf7757a2a96e4a7

SHA1
6f4e51f1063d1de9be09b99450175d2ade7ecc02

SHA256
cba800a6b47a5dbbbe9beb1d73334b0ec740b3255ae6aa9687d38765fba86fd6

SHA512
c3859665fc60648982374163eb15c2ba5e6a38b6cf81d1e128af01aebf12b110b129efd05e232d65a4d142422bd951d1b4714ba8b3f0d54d29b5fd91023a5169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\version-be30b823d3fc46a0-rbxPkgManifest[1].txt
Filesize
1KB

MD5
5e596a21c9d7f8853210c9fe663f7692

SHA1
8616e612cb6a03b38cdecbbd5e501f1f6165bc7c

SHA256
99c051dda1bae6f9b7d4a5ca411577ed77c354b7004513005406a113d91e0d67

SHA512
46c28501905650364ab18d6cbcbcda2a291c3a4850d5c5137278beacfd1436dbf495942491da057751910bbd3046e810503fee7cb2cf8003e0622ad4b7fcb9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\PCClientBootstrapper[1].json
Filesize
2KB

MD5
0a192ba644cff6cf2cd3ee4609db7e93

SHA1
23efa2ade435e35c7f2f8124251385b7df39f5ee

SHA256
b898ef60871b6bdfb79bf9d2007c929ac3421781051aa76fa352d53a68cf77e9

SHA512
343fded552b9361396c42236af4a8c080e9652614a9b33295856b10a1e9036ba941686fccfc298d96d52bddcc1a3699476932090476e5e934c103c7398887f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\RobloxStudioLauncherBeta[1].exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2589a1cb1e0fb88417ed14e16aac5f32
Filesize
2KB

MD5
8d9690d173575b4ac2ac9bbb76f46008

SHA1
3e8448968ad1050d4e92f4f03c9edf17e81d392b

SHA256
245aca4a425e97d30af86f9d599f8a752af11979160bb4bc9fcbd06a14f7732d

SHA512
f55f10d3201ca7ca31061bc57202f5e6ad06a151e37ccdc0cae62223cee6ca39bdc86d9ce40a49ca01601f905ede350f4ff2d4237c39430b083366d3e134a5d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\313b3a1a452ac1f5ce9638290e710446
Filesize
1KB

MD5
ca65772e0d2406a15503b15f8bea216e

SHA1
e323f17bef8a0489d31f39db4a4392f117cd0d51

SHA256
6fed8716c4e7ded7f478d012d11a964597e24dca964a9fcfe9855cbf458bff19

SHA512
c0cc2f69a4810f3c3d9c95a715310e6670ffa26ea41264992306b6f1f47db750af58359050ec9e8145c40b2bf1d9e9e1b47c3c55cf24c7aae44bce151b6b4b1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6aa48a4ba67c6aa0a7d80096f13e0e58
Filesize
3KB

MD5
674815c36e1c3d96d7b6a6240fad364b

SHA1
c13867dc37546e3e3f041ae1fe5df01dba964833

SHA256
6e896b6ce99ea4e8cccf9a607a4e3f6d6fbaa4c207a439530787f41bb09d460d

SHA512
5aad437609ed0d35cc5c6de666b574260eaa3c1822760239dbd68fa3a1fcfcd5aa70459cda405c178d642f12842c6dfb9a49c5f4446a50242215c57a6f40a8c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\767fd1c86a6438f2df71a3ad990afaac
Filesize
32KB

MD5
aa3d5760d3fd89d8081c711d05aaa538

SHA1
84c747b28a0e17661c410a2dec2d0a3bb95d54ad

SHA256
0cfd503394bd5b324075e979115ffa368c0c7a0a369f8d05f4ca7de2d631a5f6

SHA512
a8b7661862059054e929f7a9058728de125273633167aaa1efdcc606d7755a11b8c3c885cc2766cf3a2414edaa2275cbb66b0d8a5bbe3e3183b47661640f6844

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\aea6e7b70d2b0aa727f2395a4dc97dd7
Filesize
1KB

MD5
bb5646506313244ad65ea90baba0b28b

SHA1
49bc1863a648c288ca4b19a68386556bbde2f4ac

SHA256
63efe7da6d4662c19482aa84648189b5fddca35ec6e1ab1b48ebc88f93a8c817

SHA512
98d71a30c16c983c40d45b045be36383fe75c51728c62539daab508e6b6f9a4f7c1b35473e587c19a7c4b6210c50a3b097f114dbf7d62496cb30fddae7f8d642

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f6030970c3b8220b22243702c43864df
Filesize
1KB

MD5
a7d34d5dc94d98c96f1fe30d5e512b35

SHA1
50a60dfad100414a1c85bf00276406c4236dcc2c

SHA256
5b176e38322db0d171874d325ac3c595149575cef87f5283367aa57de7cb560e

SHA512
107e431d58e00a9d80b41f1094a6a9e635ed51a3efb55c98dc4d439098befc75998de895121a40d5600d1fdd9d03149ee49774cde66fe9b7dba88b1b9f9782b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Filesize
40B

MD5
81d6f695e485a732e9bd9372233a0cc9

SHA1
7d4dcf9f720c2f83914dc3ce10eedc1388415750

SHA256
3fd977e4f59f2d4b9c31364196a220b0b208576f91a11829672175292e451fc6

SHA512
cbe0e2aed47647ecdaeed20e4ac40285d53fa73b539149e6d1a338ab386e439f6daa760a7b2c5cc4b06e5c91347f4c9161b1bd12a691885a76806fba5b12cf2a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Roblox Studio.lnk
Filesize
1KB

MD5
b5babe3ea84e85a55e7f1e80586f8455

SHA1
ce9d8a0a62c90ca9a75a5ffe9a217e79dbfb1279

SHA256
b147625ed64f3fe9a1f0b36a16f861dff842be24e00c819d5170044b25445e00

SHA512
a2a3016f1e6794b5ba2e384bd8787e500b10d80876e5d881663ab3cf47352c81c6f686910d2344d07f180ae93bf0c321ace4fe3af3080e0f03b835a583949658

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2120_SAQHMDMTQJIBRBUY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/260-1634-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/260-1638-0x0000000000530000-0x0000000005C5A000-memory.dmp

Filesize
87.2MB

Download
memory/260-1637-0x0000000005EF0000-0x0000000005EF1000-memory.dmp

Filesize
4KB

Download
memory/260-1650-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/260-1636-0x0000000005EE0000-0x0000000005EE1000-memory.dmp

Filesize
4KB

Download
memory/260-1635-0x0000000005ED0000-0x0000000005ED1000-memory.dmp

Filesize
4KB

Download
memory/260-1633-0x0000000005EA0000-0x0000000005EA1000-memory.dmp

Filesize
4KB

Download
memory/260-1632-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/4280-134-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/4280-135-0x0000000005C60000-0x0000000006204000-memory.dmp

Filesize
5.6MB

Download
memory/4280-136-0x00000000057A0000-0x0000000005832000-memory.dmp

Filesize
584KB

Download
memory/4280-138-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/4280-133-0x00000000005D0000-0x00000000009C4000-memory.dmp

Filesize
4.0MB

Download