hxxp://wearedevs[.]com

Analysis

max time kernel
195s
max time network
331s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31-03-2023 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wearedevs.com

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe

Executes dropped EXE 5 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

pid process

5084 RobloxPlayerLauncher.exe
996 RobloxPlayerLauncher.exe
3344 RobloxPlayerLauncher.exe
2180 RobloxPlayerLauncher.exe
4920 RobloxPlayerBeta.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
5084	RobloxPlayerLauncher.exe
996	RobloxPlayerLauncher.exe
3344	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
4920	RobloxPlayerBeta.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

bcastdvr.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini bcastdvr.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	bcastdvr.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\MaterialGenerator\Materials\Sandstone.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioToolbox\AssetConfig\onsale@3x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\utilities\extendSchema.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Regulations\ScreenTime\HttpRequests.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialRoactChat\SocialRoactChat\Users\populateUserWithState.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxPresence\RoduxPresence\Reducer\Presence\byGameId.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SharedFlags\SharedFlags\GetFFlagUserSearchNewContextExperimentEnabled.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\Large\CircleBackground.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\Misc\MuteAll.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\Set\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestCore\JestTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestSnapshot-edcba0e9-2.4.1\JestSnapshot\types.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\roblox_lumberyak-b6bd621d-e6abd03f\lumberyak\example\app\appLogger.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\temp\Text.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioSharedUI\videos.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\TerrainTools\icon_regions_resize.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Keyboard\close_button_background.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-90b08185\LuauPolyfill\Number\isNaN.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\Object\assign.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\RoactPaginator\Logger.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\optimism\cache.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\Dev\Rhodium.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GraphQLServer\GraphQLServer\integrationTests\ProfileInsights.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\InviteLinkExpiredModal\LuaSocialLibrariesDeps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactUtils\RoactUtils\Hooks\RoactRodux\useDispatch.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Style\Style\Themes\LightTheme.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Controls\RadialFill.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\SpeakerDark\Unmuted60.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\icons\ic-robux@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-0ba25b72-b001fcbe\RoduxFriends\Models\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\ContactsList\Components\ContactsList\init.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\Utils\contactImporterOSPermissions.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GraphqlHttpArtifacts\GraphqlHttpArtifacts\experience-media-fail\games.roblox.com\get.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\PlatformContent\pc\textures\water\normal_14.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\ErrorIcon@3x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\link\http\rewriteURIForGET.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestConfig\JestConfig\constants.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\AssertionError\AssertionError.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingGames-47864141-05d37b25\NetworkingGames\createRequestThunks.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\PrefetchProtocol\JestGlobals.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ViewSelector\front_hover.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-24c5c11f-f6df649b\RoduxFriends\Actions\FriendRequestDeclined.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactUtils\RoactUtils\ExternalEventConnection.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactUtils\RoactUtils\Hooks\useEffectOnce.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\PlatformContent\pc\textures\fabric\reflection.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\SpeakerLight\Unmuted20@3x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\icons\ic-pin@3x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestReporters-edcba0e9-3.2.1\LuauPolyfill.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.3.4\LuauPolyfill\console\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\avatar\unification\RobloxClassicServerScript.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\sky\sun.jpg	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioToolbox\AssetPreview\info.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\icons\ic-friends@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\roblox_t\t\t.d.ts	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GraphQLServer\GraphQLServer\graphql\dataLoaders\makeThumbnailsDataLoader.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestSnapshot-edcba0e9-3.2.1\JestSnapshot\State.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\React-a406e214-4230f473\React\ReactBinding.roblox.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoactAppExperiment\RoactAppExperiment\useBrowserTrackerExperiment.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Http\Http\Requests\UsersGetPresence.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\SocialTabPage\init.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\fonts\Jura-Regular.ttf	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AnimationEditor\button_lock.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\TestHelpers\mockStore.lua	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerBeta.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247712914259612"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 51 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exechrome.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_CLASSES\ROBLOX-PLAYER\DEFAULTICON	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_CLASSES\ROBLOX-PLAYER\SHELL\OPEN\COMMAND	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

Processes:

chrome.exeRobloxPlayerLauncher.exechrome.exeRobloxPlayerBeta.exe

pid	process
4036	chrome.exe
4036	chrome.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
1276	chrome.exe
1276	chrome.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
5084	RobloxPlayerLauncher.exe
4920	RobloxPlayerBeta.exe
4920	RobloxPlayerBeta.exe
4920	RobloxPlayerBeta.exe
4920	RobloxPlayerBeta.exe
4920	RobloxPlayerBeta.exe
4920	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exe

pid	process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

chrome.exe

pid	process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

RobloxPlayerBeta.exe

pid process

4920 RobloxPlayerBeta.exe
4920 RobloxPlayerBeta.exe

pid	process
4920	RobloxPlayerBeta.exe
4920	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4036 wrote to memory of 4420	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4420	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 2264	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4436	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4436	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4140	4036	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://wearedevs.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffd35549758,0x7ffd35549768,0x7ffd35549778
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:2
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2744 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2752 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4484 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3124 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4796 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5364 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4456 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4312 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6400 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6368 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5728 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6820 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:3484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4612 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=168 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2288 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4972 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:64

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3936 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3168 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:4412

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5084

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5ec,0x600,0x6dc,0x6f0,0x6d4,0x13cb480,0x13cb490,0x13cb4a0
3⤵
- Executes dropped EXE
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3384 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6744 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:1
2⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1792,i,5587830120552090299,14513745363991193431,131072 /prefetch:8
2⤵
PID:1176

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:ndcGmEMLhHGEKKGYaWwmQ90pFCk9Txs9AGxXVF4uwwmAuaXMjrvG5X-lURovJHSNqzr1Fq4WFSoQC74R90C6FhBtNhP4GKP77pRPIP5NSqsZdOQlhgV34m-r6RssXs78-04SPgP3OgqiGtrypqIKa5BS5oGlBWPYOwkYp3ScJLSkEUrUTrQh1wTbDea3zfsEI2oXtZQu6a4_QlHmxN14k0tr5TwU10JyzxeeKtcS-oI+launchtime:1680297842972+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167640417704%26placeId%3D12109643%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8fbea058-cd25-44d2-b91c-3e1a3f7db3e8%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167640417704+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:3344

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x66c,0x670,0x674,0x60c,0x694,0xffb480,0xffb490,0xffb4a0
3⤵
- Executes dropped EXE
PID:2180

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe" --app -t ndcGmEMLhHGEKKGYaWwmQ90pFCk9Txs9AGxXVF4uwwmAuaXMjrvG5X-lURovJHSNqzr1Fq4WFSoQC74R90C6FhBtNhP4GKP77pRPIP5NSqsZdOQlhgV34m-r6RssXs78-04SPgP3OgqiGtrypqIKa5BS5oGlBWPYOwkYp3ScJLSkEUrUTrQh1wTbDea3zfsEI2oXtZQu6a4_QlHmxN14k0tr5TwU10JyzxeeKtcS-oI -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167640417704&placeId=12109643&isPlayTogetherGame=false&joinAttemptId=8fbea058-cd25-44d2-b91c-3e1a3f7db3e8&joinAttemptOrigin=PlayButton -b 167640417704 --launchtime=1680297842972 --rloc en_us --gloc en_us
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4920

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c CLS
4⤵
PID:5028

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c CLS
4⤵
PID:4484

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c CLS
4⤵
PID:3328

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3588

C:\Users\Admin\Downloads\Fly\Fly.exe
"C:\Users\Admin\Downloads\Fly\Fly.exe"
1⤵
PID:4488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8
1⤵
PID:3396

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:4456

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000060386 /startuptips
1⤵
PID:204

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Drops desktop.ini file(s)
PID:2756

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\AppSettings.xml
Filesize
149B

MD5
48f58abeaac832f838efd2beb25f4c90

SHA1
7878e28b62e5d9bc9042a3e44094e39668f03384

SHA256
893a58e7946728c9dd5caac10e5bdc306a465e406c1f979ded52a13dafebce2d

SHA512
c5e3025b63eead12a0f8192ea41afd1216dd87b14a07d22ebafc6d3d899a06e80da947b3fcd1b3f2cf53b89b3de9967f89c415394d66c277556373b620dc827e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
Filesize
58.0MB

MD5
cd199f81c3a2cbdbf8ede573d6c19013

SHA1
f0fb145f124ac1d299a34ca7efaf98eb946718e1

SHA256
87da9bc3377e4503712a5fa01f1b4560effd3908cf25257f9c639ea671b34a78

SHA512
f06dde6f9ea5bf11d876b117a33f46a8ae5a22ecdf8fc768af4d975b626661e89ca7a866585131b1c4289a2038e8bccd28dee13b570ab4c37e1eef7ee037b08d

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
9bf77ce85a5a981d86a0f7a4672ba22b

SHA1
62fb7e9f8b763de11a63a156c847e7df4dde7fad

SHA256
44ed3a7243fe9995a4439683d11971670eb00101c3832ad30db5242560b2b354

SHA512
2ead42546c80b3dbb87ac93f1324c85fc0bfed5a7c51a1217993c18d43886a9e7580a80ba9a2b6ec4c7eefd23d274fce561845ab508b427afc906ad594f58e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
21ed9ca0f4579a63723066fab3cdb1e9

SHA1
625f8780cba0177fa7d9b747df0bd45511ddc900

SHA256
818a6653f6011a83d251998208826644fe68d228a739c87ec14e470e10817889

SHA512
203e8fa995dfd86617536e1fc445fa1fdfbc0ec462d238cfbfe1d03c81b51c81297335c4c54503070c25897858fbedd659c348ab994f9195635ff75a0f3ecda4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
471B

MD5
84b1f477c90dbeb15a36b2ccac368a13

SHA1
98258bc6548a59dbdbf2baedc3a8ba94140c7d57

SHA256
00af63b52d5ab007911925c905af313aefb5f6b61e8dfd17bed35abf8b0786ef

SHA512
ab277579fb932eb95fb2b84ec4e8c12aecc196113e24d6cea3a7d182af20266a8997dd55ccf878c8e65332ae081635e8420da84fe13b2908087e8c46054ccc8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
71288df6e69e139111a733ad7b94866a

SHA1
9f756b5bdddb2eae7e7bf2678440117026ea8b54

SHA256
7441007a5974bcfdee443d0c1fe1c40d7e7f454fc0712501eb7abda978877837

SHA512
efab7742dd31b5397da0bf2940e9bb8de89702c39b6f062194caa33b31346ee646a3b4c622e9bc42b4ea9ed94772098476a5e87ccdfd8af0be58a7a153ffc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
5857d847a7950e5d82e79ef28e4fdbe6

SHA1
2c1e358e0bf0fdce5d3f000a27338031f7efd29e

SHA256
5ae042f152090d7ced0f0532e9fe36c8a5affbd75c7e2b8e78e7fb7ce2c67960

SHA512
78e1b78132bb9a71861ced01a27f2e3bc8b58d7688994f610420ab425beb46e66395b26c0fc542c6490f8a55afd0562cf7671d77927c3532223b175d0e4442bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
ae8d31f834b251508eef14036142c89a

SHA1
c58cd5af72ebd2c3c3cdd68fa7dbfb64bc0452fc

SHA256
07209aad7d016311dc5a01e047238dcf50cdf9eaa122aedf5afe6d2fe060e823

SHA512
a690bcfa87f45314590c4fa65ee9c8e7b639ad5e0121e0f3de1d8206a9dce50af8c4fa3e7db0fb0880775553608cd9cbbd3cf43d9c768866b87bc21ff7b468d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
434B

MD5
4188fa695abed66c7e07e79e76b12148

SHA1
28b9dfa7cee31d01bffd84063eb8c0fffc78e93e

SHA256
62227fcf822db724488851ac2656ffd298796dd948249b48c5da01435fda06f7

SHA512
1042f64e0f618fa87528f20ed4fa95000f2fa646ee8c65ee858d93552a72a7ff8310e538c4e5f1d4fc65ca83d8c51327f0cb8b0011b167eea8c8ac70b4d1a36d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
1bfb940a25a3e33325d2653ea5e8d1be

SHA1
9eb660fa986f1017153c34153b4263aafe65a241

SHA256
421df4286a4f65924139e791efc4d2aa4fd38df51056ca08ef8703c87c4c4954

SHA512
e2daf29bc3026db9c338e5816c48931b0e288a598673335e49d8af1d4bf8a2980f32d8535a6e83af413fa0d0d3036a9dc2ed5284161c665ffa02c18472e590c9

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx
Filesize
174B

MD5
a3eddc924cb0a2ed6efd6f7ce08515df

SHA1
47d9f2930fe592da9fe42498e71f2fa0fb808e7d

SHA256
7b6e570a07e3d8d98774b2e8c4e5c5d91c000c0eab6ab116bb15fbcda032164f

SHA512
9b47806cb564e1ec3e3bffbaabfb4cc9f7e3a8d77ea31d81c42816fafb5591073de3868f4759c4dcb2a3153bd0dbdce38a075dd06e05d766398a24846766d402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
96KB

MD5
9add8a2d0968db9bfeecea90afe78908

SHA1
0fbad9c080edbbfafa13582c16dcdce975ad8bff

SHA256
1de5ec9db21d2c963b10fcea854a1cc1d0cabbdecb268dddabd4f2294687e644

SHA512
851859d5643d30089a470a289b515098c5c1c7b6a0a4f832c04bcd291af250ad1d63232742fde80f606d0f3d7b6ab6d36326f643407caec62ff67d5c9a56dfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
65KB

MD5
edcb91ce5dca4e9a1ff9313449276bda

SHA1
4809497efcd53b37a2155174f2e9140b364861d8

SHA256
f8fe57163aafbab20f2ac66878c339a3c2c3f05c9b4d18a2df7ef135e5e0bbe3

SHA512
f477001e9c775ec6711ba3ab45f1681cb18bcb52de942a074bf4d6fde8039ef31da21c0cc7ba0d71252edbac996899637ac92b87bd3944c414d34d699fe76deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
e4c1ac4d0d4fbcc06d01f261704cfc05

SHA1
abb57816fa9a41c87f3854450aea8094ada9ee7e

SHA256
7d8342e11477bb78116a1aae9e9558222600d7970e4a3fb79e3df3dfe4d0460c

SHA512
a43d371ab227522200316232fa35a4c521bd7d0c2acc18655cce79b591e928a5820e3702c5e5c4365dbd2e457f3311dcd5c8ff3d99ea304875efa5fffe8b62b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
59a759f53ddd1f56390e7c9c77d65893

SHA1
a256b0e9f717973ea3cfc0078a8c366a519a034a

SHA256
fb223b4f30d242baa2f47113f205cd2c3abaced5e1cdbcae5ce74d25697054a7

SHA512
89bc873eee0a7923fbec71e42cad523e6b5cd5f78a6f00741b1c62b78882301e124121b039aa149b3a2787957c1e354583c43144c5ca109fb86a5d2f30ace1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0588551b-d1fc-4bef-8eed-c5777e2e54b1.tmp
Filesize
3KB

MD5
6e69651099c17ac2565ec5953eed33a8

SHA1
f1a927ce7c09644732181ff1f18a4560fc8dc4b4

SHA256
b44a084da4e2249290abdd7aabce6fc00cfeec9f711d7f0917b853e2ce32e4bf

SHA512
4051610e898dd983551f40c6812111cd1e5fed89b76ec0e3a0198c3144c6d78a00d5b349cc9e106dbdab360d2bb07e6ff85f2d27cf8e4ff4c000e8b6c91882c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4cfdf4c3-4124-44f8-a476-cffe14864d1a.tmp
Filesize
3KB

MD5
96fb7e2fcbb8713842bdd0691342d5cc

SHA1
cbbb7f62e598a97586807715514476d19465ed95

SHA256
540c2db682326e74c120ad3a3e2da5b692c1b9af4876a659408376a512d2ab6a

SHA512
fce9394db666084998729bb71ceac80614e71a6b4f79ffb15aa384380250f21dfd0412bf282cacb6d601ab5a633e7a9be393826503878b8b882973834d0a730a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5f4df5c6-41e4-4d81-81b8-96a7cd3f4e48.tmp
Filesize
2KB

MD5
c0d464ace4180f4c92f595771e79923d

SHA1
923994f06c6fc0a2f3e8720d89b31a81fc1d3b6a

SHA256
c3ae37d4ada27c2f21fabb877d7d276573c9e0da19450ed670647a8a40ff68eb

SHA512
e4c3ef10411ad24204950af03bc2e6ada9340d942b8e029237badb8373cc97727c0daba97d9d3f28a4c611e8b37beabadd33b0c28db64a439bdccb57461d01ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
9316e70b537c01bc11d3f1ba0b487a84

SHA1
1025312e52f9fcbdf43d571e4f79f82d74f63e5c

SHA256
e47d8ce77389f42be45240c8db89aec52b79f8cef0220760c38f6eb36347ca22

SHA512
74c20194aa4d6dca9aba55ba5f23536e05189db76b5774516004f80ad9b26b73d3e9edbefaf3ece19774ebb97b8e56ccbaa9a8ee6e7bae12dc8ff5e28dd6ecf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
c8d55ce856270efbd675efb902766702

SHA1
791115fa311d805059de953ff99d74fad3eb5234

SHA256
82f6ebe3a1c34410252f77cad30222b9c9b2d76f4eb8ab533f47f6211821a07e

SHA512
8b84c14da9c22b79689f8a64317b9cef096bc278b251bd2191cef8e8177f8cb0e4cc215223e641f83ddbbdd7b0a152f29fd64819b200977de5e2a9c44e4b7bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
bb4c6b7659416e3d6467e205ad155379

SHA1
6c343ef6dd9220775d31e193348bdc7bd4dbb6de

SHA256
a95ae28e0a0ec42e50d9fdd3cddc91eedfe4ccec5e4569f57aae9e07d637f51d

SHA512
32d3345b27e48a5c677b560b189f218cbf1d8ae623ac73e2efd51abcf28b4753c24a2670f679e277d847bd8a146cffb539e8baa4cca411b7ef35cafe3e158185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
f1be13d41f44c98d27cf712de4b7f3a9

SHA1
f6a15c3a83eeefa6af29fa1c9dcaf2a40cba51a7

SHA256
9ef8546177d2c42cfcd9df2414b45effc773bff01d4a5d663f2e6c820e5ce951

SHA512
a7047126da1f59ecef06f469f74a5699083911262c2557dbb4e5b4276402d7323ce9d0a8fb4c2c12473f9c0b5384e7b21ffbb42b4b2cd2f72afa294ef387e78c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
0af36ebd775bf69b27a794cec80a96c5

SHA1
598f89f8253d0ab844f5ac7086bf3a3e29904a03

SHA256
e934fe37a5e9b17761296f1329ba041144e288d129d44816c76842f4101a1182

SHA512
77f7dfa5a6000d19aebe17191e2b23cbacca2fab3408e9072ae8d1099754dcfefcf24d5ab20cfad694c6722c7ff4eb9e9dd2d723b057399593e94c98ac0e51fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
5af812eb07da2bb4ce04e3033a7c5e06

SHA1
9c7c5a384bfdc11faf9d1dd1b9e26eca5142ad87

SHA256
8c4cd5e20e1bf59d8b981a6d7a972d83454b6d66e4cd133b4a87a2e72edaa11c

SHA512
c329626e4bc839ed2ea770976888ba2aefd71facd84bae1dfee057ade87e32e1b97b3220a26a537a114de89c80148c4c4e5c2dadb7423b9529e87981dc972160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5ed970ee0062336d336cdd24e35c38c4

SHA1
98afecb30c05517ad0f5916e34a55ff79bdeef60

SHA256
bd58e3c00fadd223eb175d6edaa926abe10672f4492d554eb334eed3221f0964

SHA512
f0ca01078148fa2ab6f8a72e8bcb646f1194086fd2ad182c3e1367bbd49be73edad4087785a056ed01475b0c5d7e012737082c483d16dd89a2c6182441b64ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
98b10036259edcceacd337478696df01

SHA1
366be279abcd762b4c1d812f2ea6082fd94395d5

SHA256
536344cc9f6c4093cf160ee56bc9068eec4833fe1a340ae234d94643fe1d112d

SHA512
7d8b16834f6bdc7400979a873ddc6a749d9a5bc617bfbe294d1fc9cbb03fbe7ebed041155d8280a9b84fdf62f84f3c3033fac94cf29737b82a891f2d9abaa3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
1ac166a56d89a8f5b09b5e7cec196a33

SHA1
7eaedb5eb77ecd705b13fb11bb658033ebefdb90

SHA256
6035d3f2b2432b50334a8418c784954b7740aaa78129aee88f340f74da68ce3a

SHA512
329ddc51f0a04f3ef80f89a7b60789bc590fc60d04ccb500ab32599e403ce4fc9add1e71fe7fb163201e75c947b57385d66826968e6b6c6eed1c16fadb75205a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
be73839b22f9eb6f3edd15743e4c4b09

SHA1
8dd8665632a9d2149a50c6795d0f9aecb962516d

SHA256
8f17eec0baed926bcfee770fe0ff0942a65e885fd5e4700b45dc5b2c98f459ca

SHA512
a887324c6ba7987b4ae94437dbeccb4a94a1c0b32ca090ffc7c7d9c50bf6e59da687642cf5260a271756c973080c6e13d00a31c9188e55e31c6efb909df56c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
c60f2cd9ca44ae7be1f95572af0bf32c

SHA1
2c077d917aea49b674109127828275adccb691eb

SHA256
cb059a9670f7d0bea6e3a46e719a1c2d9ea7a67b79428cc476aa0c66fff1736b

SHA512
3d117e852921092600ad92e874610841fcf44ba8c22455bc72083646c3ef960df3983ae677425cd408112942c28f83c2deeb537a51cfd7be5bc582e9b54dc304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
9a6f7c6a7d848a89229752e121692182

SHA1
7c7ad204579f22fc1f3fa11b07e1d42f8e92a420

SHA256
fa8b43a84a1cc16bd7b39d46a181bf78081f943cb0e9d8ad2eaf315a86b00b35

SHA512
3c1e74f3893b79d75d4ea95ba3b785bff4d9ad3f93575927cf6b79e215e13808f94f4003a3674f053a0019b320aba0a07d719f636b0e36be7a43d6237206dc27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
2a44c256d204f0d4fcd107b0b25b75de

SHA1
a9b3d9b4875f58028a8dac475c4436fc3f7be106

SHA256
73817e25a00ef549549072ce7e7dc6df863ba370e155530980da5c352bf082a9

SHA512
2a135a6682c99aedc034631ae2a94af4e4459f7dea51d1791957f0bd3ba0c6305033757505c2d11f12470355a03cf7a75bceca20fb4d3985fe91c334a547d069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
de2effb11e32ea1de7f2a45aaff0e66b

SHA1
d27dd63fac2c058c637c21915d34dce0107def6f

SHA256
2d1093a426f081bfb1391bf1391c3655b99e419f6964446d8c24d4f4c64a3849

SHA512
6735d547017fc64406800a1b45f6af7c37426de86e4b511964353e6f3f2edcc185932812e865a1157b2eef2b8e48f05b1fbb310d3010ecea20997ae83c44a8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
8102452b30d4d8262bc9afb6362bdbd0

SHA1
3d3b10789d6311db1a902f93fb30f8f5f04f0eaa

SHA256
6a04c711547cf3ab49bda212c2c84cf9949fd7869b1eebda0777ba4900984357

SHA512
4c255ca977cb679752a8710281ceacc8d66c443a1b11242e6bb0b648d38cc53d5be82681efaee44f86d671bccaab3d944d8b36cc649f2e4a97e5bb9b2afed4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
35a6245436e491c44b15d9b58437c0cb

SHA1
b82d8d77a591fe7864fa5325c9ccef55c9657c8d

SHA256
eda3e18a68e7ed7c0b93f2f1d2e1d2cd522e83811f83add8701cb184d04df44f

SHA512
647d063c5deefe4f04d21171c8175f4331b0c3d5683de45937e1ce449ff459f21dccd3ea39db11d963b8ba3d8a16fa055ef6e1763e12678988f566fe1a394d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f7c4c295-9cc1-44d0-a29c-4fc6f125007e.tmp
Filesize
2KB

MD5
84fd4544c95191d7c985c423811cd404

SHA1
869ffdd5b84b1a7632d8c3fef81e5be51908612a

SHA256
157311f3a3fc721337367dfc1a1bb7578655467f8bc440237e0a2c50209902f9

SHA512
4ed4e1b72ff5d41e62484e74fb61b9e2537e3ab845b61e8657c77886fffd4833505bc72b075f4012a66cfe2d7f3e851eb9c2254b3302fef486a3dacd7a38b031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2455d4315a0cd4aabbcbd47cd7504789

SHA1
dfb69079dcdda4a909525b28c8d7023e30ffd17f

SHA256
1e806a03a9f24c3ea8ad9bb6538d2b304ee400fcb2c874dddcd49d80eb551655

SHA512
8350aa4b20a1a46ec5da567e90366538ce0611fd81b67ed143d48f51f42aa63e4e85b3a0826749db1f28eeb0e443afc28ebc9fe678afbf01c517ef298464437c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
aa87b8a5c70517c8fba06ed669d7f86d

SHA1
63ed5e5065a1cd51b7b2813f74ccf78b99a6c932

SHA256
faeef8e15224f19f2f4b77cf309d7d18be83269581b6e9db81f68c299414d4a7

SHA512
92a787054a30e60b8b3d30f9c7f59ba7b7524ee9cee3f19342d7d7c4d9ccbbdb01fdc9fdb8f49dffa0a7fc0956e28d73a7b8a10e4ca30b02a414a0e7457b8bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
acbd26fbdc72acf0e7bafd186d9a21b1

SHA1
ca1d39c6d266af9f2e19dcaa895de9014f80a2fe

SHA256
4d59d003b93f90b0b36be945f90004633943507deda030b18fb0acb872944d2f

SHA512
dea88e0d13e00fc14b4c9f5e5bff005a509ea5c394e6da7434a1d1075be7c905dc6826cd3b97370233bf816844fe39c9f917c497ad75fb61f0152e48c25dc962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e9992fe4ed09eb3316de948f4a5f6691

SHA1
8c7e6af37ab8b8589a1da6649a1f7bdc3a45952f

SHA256
2ab65eee2508afbe266d51698bacd8c9af9d5637d4212e6ce9161626630e5eee

SHA512
c7194d7819d1031acb112b2efebf4424346557038b57ff41b0648fe6878aabee5400c9a9008f29be90c432c35344e09a46bedf74d754c6ba9b85018a66c222bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
cb463e95e57018c895ce8a989420c332

SHA1
7e21fa11d7c1ab602917a5bd028526e35e100da3

SHA256
588f1c1522b409d5df154a6ef5033bf34913e9c081c9353aea09bd1c00a28477

SHA512
eca13099e6251a61cc8bf3431aa22cc381dcaaee320b2ee68c33752c408c6f0d8802e312c2308503e9e79c2a4c94f3e62f8af77db42714c162a75033a3bc5f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3e24d5ab5c4e2eefbe74151557bc46c2

SHA1
4a899fe3f20a02fb34dadfb5cd889db320166527

SHA256
38b7a89047d4a016869c5790a3f2811304705d7944a2c9ecf033676203490922

SHA512
e981523f8be8728e001b81762eb04c63eb4644e5f0fcc86410748d07d05563395755b672ca54ffb64fbda641e11acedbdf28cd55ac064a3a0098b3717fa562c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c07526ca3156bfd870eaa1cd3159ca3a

SHA1
7ce3f5c26615b43ed413cccbb62c1bc6ea181376

SHA256
1d9566204a97e977277920f5918aab9aa93466efa9cbcf2eaa150bc5d84d56f3

SHA512
cae5cc6625728d5b0acacbb5d3c8fbbf405dc584c56898aac97be4103509807d54b6f40ec862426c04a90d40f1d2f5790b592947e5ed5f247f49bef017eb2c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e9992fe4ed09eb3316de948f4a5f6691

SHA1
8c7e6af37ab8b8589a1da6649a1f7bdc3a45952f

SHA256
2ab65eee2508afbe266d51698bacd8c9af9d5637d4212e6ce9161626630e5eee

SHA512
c7194d7819d1031acb112b2efebf4424346557038b57ff41b0648fe6878aabee5400c9a9008f29be90c432c35344e09a46bedf74d754c6ba9b85018a66c222bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
a7738b1554f6e0036ef88bea66775e7f

SHA1
876953af9078befb0aabb16aed3e77e1e2aded01

SHA256
3cc69e8870c24784a48caa9d456128283fe860a9f24831bee2c930a6fe322938

SHA512
3dd554341ef4763855b81f9bfad43028efff244278f3963d22f9f748b0c9f25292245165b17dfdfaa3e80ef24e49ab1a362522fe3c116ce490771672e3785394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe572088.TMP
Filesize
48B

MD5
ade83358437fa8eef303d87256c383ed

SHA1
2b654578c4b5126451591785b13fd01fb870c0f6

SHA256
4e1acfd6f6253f07ed6a090577b8489425938ce6f172d8753e466010b080d925

SHA512
196ba1f712db8bfbbeafebf74a227914ab91d117db4eb76e700c4c8b12564afe0aa93e8597c873a50de21ccba099b1f881c8522ff9219ec3b6a513bb19d64f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
2880f9dd76e02ab0984765af520673be

SHA1
db0fda080b7a0d337f7fb67fcbabb8e09ab1c608

SHA256
c513a907dae6b7e495dab7021b82ec70112152274daf6780b7d19ba303c67c26

SHA512
7e66f360c29553efe76989c3e9916e01facc8f6d40b0fcfe996f705243139ddb0cb814ab41f0f90f7bac40e3fc0e5c12c5b3e2b782e3cb96015473109bc0edd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
118KB

MD5
1d496bd581c22038e766ed9171d9beee

SHA1
4211c031f8e2417e6d030a85e9091da510189f58

SHA256
a3d88762fa79e375e7dd1aa48def9a1500519be79ab88d3e530be60c0a4dbd28

SHA512
2eedd36786fe4c257754a16fb21e06adcbe380e7c666414de422775969fbb2e91a3f112908b389123da394ff9c71159506e676a1712928bba733bccfcde1d4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
997e7712bc4ca0476fe2225d6b0cefcc

SHA1
cb2af26a01fb403bd4520461dbdb2ba977fa064d

SHA256
2a138317c3362bb6217daf31d4c4b0b76ea128482f3324a9eefdd21c4343740a

SHA512
e4c00b939b1a495e26587cf906eb145ebe9a1c224dba5a70e75e001f906c28f2e3179939f48fabe2d4382700b98c7cab459ab0b998dfa70c72c6c3cb5da39844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
a84449f3981e9ff7eacac6eee6ef1f69

SHA1
a452e9dedcdbf12ad5cb2b8c567a656dd49a1456

SHA256
d590509cfafaf0f4a2fdb59aa78b8587f7fd916080f8dceef84f75f5a3706bba

SHA512
9ada1a5ae05ebcda538176e7bb34d9d723c185613e8a922b7985ff3d872aa4c50bc6ea529a65de8915e284dbf920588d74562cbae37b2e04665ede06c5407ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579d78.TMP
Filesize
111KB

MD5
a3adaff8cdb6997a76150a61aaec52f6

SHA1
83a0f99377a7c5ab379fc527968196067b2d436c

SHA256
2785ced043c8d60a47fef0f3718c104fd451e9a3059ee13ca90fa84ad9194231

SHA512
bcb9b73957d8572732035975da2c4e9eac898ec508d66b823a999de45e6b9918f602460d28308c042f0c9a63a4c8798d6c3bbba0bc68847184c2c3669c73d61c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a5929058-652c-4646-9384-18d1cd94cab2.tmp
Filesize
173KB

MD5
7f5eb9786a6518353bd61690bb497f5b

SHA1
ebdbd62040a2312e36616b66c30aadfe46bed64f

SHA256
336e901d24d12e0583bd602481f269475cbd7a416d21a95ab932515f97bfeb93

SHA512
e5ac3bbd7fd33641f0213a5ece3244b53c8189b9861e2c4e441ba4d7acbfed16aebf95b27a9711818f9b0ae5f1251a20ce8314b3df4a9638ae110b364d16ab10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\480JMPRZ\BatchIncrement[2].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\PCClientBootstrapper[1].json
Filesize
2KB

MD5
4b220deaf4fd3370c2b7ddbb2a541549

SHA1
8a198376e29b37bac2837f8ccedc85a583738ca5

SHA256
d40df69638475cba8ea684bd7bf6bacba879cdcb8ed94dcfbda7ded17af5e2a3

SHA512
1d5f193f9fff2e3147dcdfe33914be803a26dd131bcc3c65b9c132f3c8bcaa0fa2cc81fa9efaed7b6374775a8aa7efd20d13065de483210865742b056759bfbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O4HR65AL\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O4HR65AL\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\V53NBPRZ.cookie
Filesize
69B

MD5
49680c2443466c8a705d509170a3c5aa

SHA1
0c59d96f8a25a73a946495fc866009c4d42b8d97

SHA256
e6d98fc1c9191f42eb117ec2d098679748afc4884cdad15de595d6e0f23275bb

SHA512
18f29f0d4973ffbccf5e9bcf9d6cbe9d751f3d5cf2f671a538bdce67f61ab1926ec38e7da030b574bbf9dcb5e3ccb82e5ae8753b604ae02159c1065a34e66cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\216314118678a71bef90e9cfa8053879
Filesize
91KB

MD5
14246a5fc967162c544bf3813daea329

SHA1
f0a4e2583381b23b638e5fd1f8067ede231e0ff5

SHA256
4410c6d0b51127e2b419d2a6b9cd165bf523a5f738f5029059fff3a07777a6fe

SHA512
d86556c894df72f8b2337b37cdd6c548523f258bf112d5e59fab0e2cc250f79a627fb456ea802732f59c3a9e7ab214dce1fb0355a566cf7a0c8682ae76bb9e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\52293fc4e7430bf982dd3d30b4889d7d
Filesize
25KB

MD5
c28947f37791284a1abd444e345943b3

SHA1
7eef6d9469b427f2614aaf472b2018de29a51599

SHA256
5d57dd9d9671b389276941b451d67676e575fdb45f293d0faf2a1ce8e2052cb7

SHA512
76ca083c7133d8aca43c4aad2e6dd69330b8c63df76cddf5965721829c198da88bab39269e8669089fdca19f9f350b2f53d811f051981e54cc2ca8fac5c2116b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6ed929557c538941293296b7d8f393f8
Filesize
534KB

MD5
401d8cc514f7423dca3e970a334f7e31

SHA1
7321ff2f66800911b51f81d88820cfea5df945a8

SHA256
ed58934f47f8ada036677d5043219ca0f933ea9b72bc4a7378136ce2b203f803

SHA512
c1ea9e2f340e9a97aff4b2e4e229979da11dfc57110453c824f1f64ad142e2d852fff64c8eac21cb1dc7dc87b99b2b27140b612e45c2408aaf42f44fc94a73ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8e5bb86804e34844f22d2e000443f0cd
Filesize
359KB

MD5
a81c206a5865d95227521c4f88a4a8a3

SHA1
f1044e9d1eac9a12ce7ceaefb81df6c3dc529802

SHA256
020e46ffa7be4e79d65395142a96d2d670151291b18e83cb08fa3b50086e2777

SHA512
46089d1eea2aa88005dac47ecccbeb0a073d557e19e0d8ed4efaa90e7b1ba5a21ebdf8207f563709337b8af92bae712612972d77a8f1878840d1c4c3f024910c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c5e976572cf91e32b74bbd2f412c20ac
Filesize
1KB

MD5
6c535bb615dd59029994fa1cb7895a84

SHA1
fa00e811c51c280cdabeba8ce837ef9f0c02827b

SHA256
6c93618d5dfee29142de3adcf6717763f547b8fc37a1e2ec21b60cd67585cc1d

SHA512
278f3b2a981d0b172c36e74e0171a35adcceff044f48614f130e363f2bbc1c10269dfe531575fa75dc8e26e3aeeac0268dc155538b0622884614b6f54d941463

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ca332b5781e9a04b62b975ed415a506a
Filesize
189KB

MD5
715ad6782e24308ee7f9adcf792a3a89

SHA1
9db281e47d753eda0a4aeb14c286f6709b1173c4

SHA256
9b0dd45122c868f8a0bb592fedd23ef6a32f10f7f9a9bea0d881430d9339c3b9

SHA512
b2373a434fb216c60476926245b25fe7e92ce7b6b3c64532e7a5c616b21ad0106751149ec2aa6b31f0033ce47b1321ff32b23e3f945bafd8453b3d4c4b4cbcab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e5c9cd1d452f4b1199271302cd408257
Filesize
174KB

MD5
8f24aebdf9363f4427020d67f24e0663

SHA1
a46bb8ceae398c5f8e81e0df3255e6d2020a9a31

SHA256
c71ae352e160543f1c64661e0276f6cf7e673e4bc7fa909e183a6c6cb9c3ce4c

SHA512
7f9c34efcea6a904cf0b25c924106be64acca56c80904a7a5bbaac2cae368dad01866568ed3460c859f6e4fe7a2d32d0fb09e2c5ff9fdca4b2c1fec6addf8bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Filesize
40B

MD5
24fef06f4276736d534447d6ed55bc65

SHA1
a83260a499c3e6b85a8271c6472847f104c3342b

SHA256
318e2329e13802c9388cf10d8f1ba5f482fadb6f91eae8949d034b2bc4f8791b

SHA512
0c548f0f2d89347c1c9127264a9330fb319756bda84a730c9fc8c280ceacc520f83cb40d0b0ea3f598cc1e10dc63e1a7b9d6345e08beef2c41914007fb420dc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\exploit-main.dll
Filesize
10.1MB

MD5
37853bbd62be10b961da9e47c59df2d3

SHA1
bc263f3b9fe09c6a6b3d1952922286f5de4e86c0

SHA256
07f77d1bd8e3a0c7d3d7b40fa2a78201a4d9a92052e900458e92d2ffd18d5b6d

SHA512
099798e429bedfbbcf121d17eb21b6b65d88efd5d4e3350bb65a6e4c9234ed881a1685e447ff9164b484d1ae57269479b7ab74d12e4bfa42997d76803b0c1250

Download Submit
C:\Users\Admin\AppData\Local\Temp\exploit-main.dll
Filesize
10.1MB

MD5
37853bbd62be10b961da9e47c59df2d3

SHA1
bc263f3b9fe09c6a6b3d1952922286f5de4e86c0

SHA256
07f77d1bd8e3a0c7d3d7b40fa2a78201a4d9a92052e900458e92d2ffd18d5b6d

SHA512
099798e429bedfbbcf121d17eb21b6b65d88efd5d4e3350bb65a6e4c9234ed881a1685e447ff9164b484d1ae57269479b7ab74d12e4bfa42997d76803b0c1250

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\pipe\crashpad_4036_DATYYMJDCRKQGDOJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\exploit-main.dll
Filesize
10.1MB

MD5
37853bbd62be10b961da9e47c59df2d3

SHA1
bc263f3b9fe09c6a6b3d1952922286f5de4e86c0

SHA256
07f77d1bd8e3a0c7d3d7b40fa2a78201a4d9a92052e900458e92d2ffd18d5b6d

SHA512
099798e429bedfbbcf121d17eb21b6b65d88efd5d4e3350bb65a6e4c9234ed881a1685e447ff9164b484d1ae57269479b7ab74d12e4bfa42997d76803b0c1250

Download Submit
memory/4920-2054-0x00000000703A0000-0x0000000071932000-memory.dmp

Filesize
21.6MB

Download
memory/4920-2053-0x0000000000910000-0x0000000000911000-memory.dmp

Filesize
4KB

Download
memory/4920-1535-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download
memory/4920-1534-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/4920-1540-0x0000000000DE0000-0x000000000650A000-memory.dmp

Filesize
87.2MB

Download
memory/4920-1539-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/4920-1538-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/4920-1537-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/4920-1536-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download