hxxp://a | Triage

Analysis

max time kernel
147s
max time network
153s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31-03-2023 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://a

Score

8^/10

evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 2 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

pid process

3796 RobloxPlayerLauncher.exe
2548 RobloxPlayerLauncher.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

RobloxPlayerLauncher.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerLauncher.exe

pid	process
3796	RobloxPlayerLauncher.exe
2548	RobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\LayeredClothingEditor\Icon_Preview_Animation.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\MaterialManager\Texture_None_Light.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\MenuBarIcons\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\avatar\unification\LocalEffects.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\fonts\families\Arial.json	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AnimationEditor\button_control_start.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\GameSettings\UncheckedBox.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioToolbox\AssetConfig\rejected.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\icon_intern-16.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Chat\ChatFlip.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\LeaveGame\thumb_strokeStyle.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\COPYRIGHT.txt	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AvatarToolsShared\Preview Undock.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ViewSelector\front_hover_zh_cn.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Slider\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\configs\DateTimeLocaleConfigs\zh-hk.json	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\Cursors\Gamepad\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\PublishPlaceAs\navigation_pushBack.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\Editor\TenFoot\OrangeHighlight.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\Editor\TenFoot\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\avatar\scripts\characterStateMachineLoader.rbxm	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\fonts\families\Balthazar.json	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AnimationEditor\RoundedBackground.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioToolbox\AssetConfig\version.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Controls\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AnimationEditor\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\TerrainTools\radio_button_frame_dark.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\move.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\LegacyRbxGui\scroll.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Slider\Left.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\fonts\Sarpanch-Regular.ttf	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\models\Thumbnails\Mannequins\R6.rbxm	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\particles\explosion01_shockwave_main.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\TenFoot\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\SpeakerLight\Unmuted20.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AvatarEditorImages\Sliders\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\Debugger\Stop.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\PurchasePrompt\Premium.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\Debugger\Watch-Window.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\SelfView\SelfView_icon_indicator_off.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\TopBar\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VR\buttonActive.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\WindControl\ArrowDown.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\configs\DateTimeLocaleConfigs\en-nz.json	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\fonts\Merriweather-Regular.ttf	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\MenuBar\icon_menu.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Players\Muted.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\PluginManagement\unchecked.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioUIEditor\icon_resize2.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\TenFoot\CircleBackground.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Help\BButtonDark.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\MicDark\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\New\Unmuted0.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\SelfView\SelfView_icon_faceToggle_on.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioToolbox\AssetConfig\gridview.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXERobloxPlayerLauncher.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2036338871"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024148"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c03486811464d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\User Preferences	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2036338871"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "5"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000997a23a2ecd7164cbfc0800bd950d66200000000020000000000106600000001000020000000d5e10b97aa8b183ee833f927bedde696f4ff3a427a617ce581cc45a5558f51a1000000000e8000000002000020000000f3f874da94621e93b01b9c476226750abab16a184ae218f7cf57c32aac5438a350000000d148c7223beded55fa3cf88aca8e2861b7f45850263e0b97215195c4cd0e698dda7562be85e5c3e667f4268084a41c997b4b557daff13aac2edebf843320a30c091f93e0854f3087d0ae6aefb6cb44bc40000000187e25dbb92eacf5f4fb4a78e8f205ab888fb94297ce564b4cbb37a8e1702651d0d987a80d53ea5b2c48414ca429fde18c05ba4b82efcedb5713eea6cc0988e4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000997a23a2ecd7164cbfc0800bd950d6620000000002000000000010660000000100002000000099d55fbc4e9f948cdce4ed3943e8aba82bd7193088f32dddb4e8198c2c61aa92000000000e80000000020000200000004e3dfb0ed59a0113f48326226b333cc33984d3c0938218f3931abf141d836e76100000001690ee66a6b9689477f960cf99bf91aa400000008051478164d50f8b32028b8132c3052f0776dbb63d7cd56698bc658187d479fadfba47b18567881c4954414e85b111ffc2928de6274b6a2cf1b482cbeac6b01e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A44262A0-D007-11ED-A853-FEFF0DC94917} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000997a23a2ecd7164cbfc0800bd950d662000000000200000000001066000000010000200000007d3315f5674e341a6d251f8b80d1df05b93373d00036cc8f4bc5603ab84aae68000000000e80000000020000200000006dee25f80bdb3a0f0a3626bca3e91f1350e3e19b505a1ea5360d0a0e106c1395200000001bcb879d5edf9d6994f3a1e82ff0a26702362b231d058e788e32fba5b2591e81400000003af2f822da18e1f10a6aa62e05df12ac61dbffb8e18c8508eb0c12154bfdfb07a8761f1311d49272c28d8a99e715537d01d9f24f151ccfebd20c61d0d2bfe24a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000997a23a2ecd7164cbfc0800bd950d6620000000002000000000010660000000100002000000078000c0d0ecba8008e64398d8e7abf22034be21fdf56d2de8cf9dd1a98aa9098000000000e80000000020000200000001b83144b1c575a1fad26f11f482d55bdd338224b791f11ff253121b1e6e07d042000000053c3a1bd213faa3873d89488abd2c6b3aec11723fd13e62d8ed95a42d4ccde2c40000000d99c80c88aee5d90c1fc8b50fa7fa4ce7d9dd79e96b683fc35d533f172af310ad35163ec707d176a1dfdd3f6b65b379ab1a6498d4bb3ece96cfc037e7a92c85a	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31024148"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f66b811464d901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 43f289759c45d901	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247703299271414"	chrome.exe

Modifies registry class 9 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exeRobloxPlayerLauncher.exe

pid process

4412 chrome.exe
4412 chrome.exe
3796 RobloxPlayerLauncher.exe
3796 RobloxPlayerLauncher.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4412 chrome.exe
4412 chrome.exe
4412 chrome.exe
4412 chrome.exe
4412 chrome.exe
4412 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

iexplore.exechrome.exe

pid	process
2904	iexplore.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2904 iexplore.exe
2904 iexplore.exe
4092 IEXPLORE.EXE
4092 IEXPLORE.EXE
4092 IEXPLORE.EXE
4092 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 2904 wrote to memory of 4092	2904	iexplore.exe	IEXPLORE.EXE
PID 2904 wrote to memory of 4092	2904	iexplore.exe	IEXPLORE.EXE
PID 2904 wrote to memory of 4092	2904	iexplore.exe	IEXPLORE.EXE
PID 4412 wrote to memory of 4464	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4464	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5116	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5092	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 5092	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe
PID 4412 wrote to memory of 4296	4412	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://a
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffdb53d9758,0x7ffdb53d9768,0x7ffdb53d9778
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:2
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:1
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:1
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:1
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4864 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:1
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4912 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:1
2⤵
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5184 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:1
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4396 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4296 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:1076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5472 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:1352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1860,i,10762731817720755018,11731441971190192628,131072 /prefetch:8
2⤵
PID:536

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3796

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6ac,0x6a8,0x6b4,0x608,0x6ec,0x3eb480,0x3eb490,0x3eb4a0
3⤵
- Executes dropped EXE
PID:2548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:684

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
afeb947700934e6495db2ef5ea714989

SHA1
04b3bf94f26b6721dbcc1a82bca036c02a911c49

SHA256
4f5e96a0e628ca7309c330d38643b917c965130949cef8fa342f2f478341f187

SHA512
ddf567306b9ea5439efc12896df20f05568694fd645641f98a1a156e58948e82fd06649a6f0f1ac37b176f5c52d99ddd25d72ec0d63c85ee8235b2c1a5e3bd70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
21ed9ca0f4579a63723066fab3cdb1e9

SHA1
625f8780cba0177fa7d9b747df0bd45511ddc900

SHA256
818a6653f6011a83d251998208826644fe68d228a739c87ec14e470e10817889

SHA512
203e8fa995dfd86617536e1fc445fa1fdfbc0ec462d238cfbfe1d03c81b51c81297335c4c54503070c25897858fbedd659c348ab994f9195635ff75a0f3ecda4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
71288df6e69e139111a733ad7b94866a

SHA1
9f756b5bdddb2eae7e7bf2678440117026ea8b54

SHA256
7441007a5974bcfdee443d0c1fe1c40d7e7f454fc0712501eb7abda978877837

SHA512
efab7742dd31b5397da0bf2940e9bb8de89702c39b6f062194caa33b31346ee646a3b4c622e9bc42b4ea9ed94772098476a5e87ccdfd8af0be58a7a153ffc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
f8645c7a22232352ea3d305998f578dc

SHA1
d5b75089b7dd0943fc06e18992d85e8b8c2bf3b0

SHA256
874d6dcd907ed3832af9dfac6bddc497072dca4fce80783c401563a460620e41

SHA512
624155d7bb86a4c9caf693abe6f94541895796950ff8257d53d4c01736b2d2f6033c5bf6d4c47002463a88c514ad1c02703ecd766a06d4ca336f23153c164fb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
d334fcce5bf5effb89fbb9a61342751c

SHA1
ff17d83290bd45197223dfee5ea5a82c71c6d4b5

SHA256
1e0df70790e4456f97481253e2fcc4252abe5a99809de1d9fe288c8e60492f8b

SHA512
439e8e20e808e28e7f526d43adeaa7eb4b34d2cc6b0549cfc90802f54eb32fdcb3b33e8e5d179450cdcbbf3a7663116e50910fc134f7832129f2e5c0bd523be5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
c5262e4ef6d75f921f196f9431ee43db

SHA1
f26495fde1023bb5877b78ef9e3480b3d1298d8e

SHA256
784e1382ba23df7519bf9c122a7f35c555baf65068c2b25dc63c2401da72adb3

SHA512
2753d8d03e4e7c0d3d8103a069361ef2c07ce0588c3226f03a474f97b595de3cfd6b0b2b695ac676fed3c4ebf7a9628f9b3e7cf01e20acf4a89c762d97ad32db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
96KB

MD5
9add8a2d0968db9bfeecea90afe78908

SHA1
0fbad9c080edbbfafa13582c16dcdce975ad8bff

SHA256
1de5ec9db21d2c963b10fcea854a1cc1d0cabbdecb268dddabd4f2294687e644

SHA512
851859d5643d30089a470a289b515098c5c1c7b6a0a4f832c04bcd291af250ad1d63232742fde80f606d0f3d7b6ab6d36326f643407caec62ff67d5c9a56dfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
49KB

MD5
9e8361c00c4bc8c9c051dee5bfa339d2

SHA1
d36a51791035bf241d03661e2bbb0d13c837ef36

SHA256
e4d3dbd48148b13bf0c8c90a2319c3fafa42d4abaa9c89fcabb3585d986234f4

SHA512
3bd193a1ce0ac4f243ebf877d95e9bcb8aa287c46aa3737c85b80c0995de1ddd385d4b138718055a216f5949f0bcfe33e33e649c0982db6e8c56fcaa6b242d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
9c70aff04893e7398bb693a50b06baf6

SHA1
a939db73ce24511828f30cdbca4d6e1991b466ee

SHA256
c0ef2c22f32276e223e9fe9e0b21cfb092be3e46ab543f1c8990b2db9f94f3bf

SHA512
754b8db0313c63e59e8ac5cc9aee3e8467d7ae8d117c10f36bd1e331f0bf76ae6e09a9b07ce013fddf3f11129d421a3a79c7805d368d21a353d4c9d5f95d587c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
575db843eef525afe98e5706fb8a2b25

SHA1
5e522eac4bd47a9b50b94fc7e504b14e4710c3db

SHA256
7194bdc6ba0b1c08c82754f9afbc0c3f411031f1a363139d22b1be63e9d5506d

SHA512
8082df5e9891970158f094c7f67a976c743c4865d1ae551c6d97c552895de4296a379d1c81217d53c36d66516f60a635c7ce15b87c555dd587a2a55d19176602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.roblox.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
27c18fac125a09f2e5fb5625b7cbfc7a

SHA1
a65df9ffb4a3d384963522a0f982bb49339bcd28

SHA256
c47519f0c6b9e97e85229e4af92436e8ebe122642a27459adf16b35ee8f999c0

SHA512
58e0ffcd902b3b406087c28e8d158f197af82d32e1fb94af0a4554f6ba7cdefe09251c9e86b3d78fb726c047e59e0ca00dcfb9f7f16679820654fa4356423d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
9ea672d71a59881dbfafb4512a149e19

SHA1
1ae387a81858b4af6c258a6f7a110c1dce6c3801

SHA256
8544e2ca1463d88b3fbf655395551d5ffe258442be1378b38bafc9b6b9f7015a

SHA512
7a51437ada1365f0395ff72810c8063f61f0ea3568a3cb1fa1c3a4a978abae26d163a385f270b529d93f4a95bc671ec650eba0962c90b94992072096bc7806c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e1bf54a0cfc97f4f9a8cc9601a4a7de9

SHA1
17696432bac1d31498a13c1065c8961e66783d08

SHA256
764c98558650b886d13053b7cd4a694f369f3cff29dbd1643f766304669c682d

SHA512
811bceea63db3c6b9183d0c5022a55f12928047e96c2666aebfad58449d83415fa34ffa6cfd9e95d44a7902b957dcc3e8ceffe2ef72d497264dc0e1ca4efb62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f5a9e36f74f33a56d1f14c5e9c63ecbf

SHA1
e49eb4533928b84f4db11a728a34ee3c6058f4e5

SHA256
9eb14aa2bca9fd78d8be3b5d4ce7936c480ba223bf7396bd83d69a9123db8e58

SHA512
8de025c6ffae77a5701a270ff16579ffd15eb206263e025739773254d28c01af992b2b74a090445ed81a8c456e0f657de41ef1d94f2c1e19216df71e49c28b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
fcca42442c626188d4abc6fbf3de55a1

SHA1
df4cfc8b98aac3a233787eb3bcb6bd889326fb8a

SHA256
3b3a0829080214b3d53c5fad84b856c950008e0791b652d9edeaac84e0cb122c

SHA512
2cd6b3f7e82950cc15079f95a51f9a0b850e6701b890b2d82d1b69cf539b8208d7547ff48167ff1e4eacfd7acc4257216051196c1612eb883634ff359e845066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
42f7dfb6d63012835b65e2cf5807c8d3

SHA1
dddb3e1c955f9ae2aaa6e165439d02b1f5187510

SHA256
495cc19f6dbc99f023fc94a5340cef6a227f275ead9113c30020921427d7033c

SHA512
4d99f666ba2ba5334edc4c7a29307a2b6923a3adc36bc776fb6cbc81f136f3e22e9c0318095ecf49ae1b8b3000e3d95a6fa9351a03f92b0842272f2cf523dcc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
019438b70bfa05493d0f8e3935ff7b7c

SHA1
ef728df7577f91631a28f1958bb9a3b3d628ddb4

SHA256
3beff7ab0efc57ec8389c2dc58e5ed71ba95c221144db0a63eb0476d49e60872

SHA512
737f52d945a3110dac36b0f6cee7e195cf119d791b0e6b01027482a24538a79a8139c5309580269a53fd7222d0dc92dc1a04bf20654d81d2a37b3f6f410aaca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1a45c2a143ce80581b24df5cc6d7e77d

SHA1
94e34babc519f07ad96652a8a41158a6b5dfa815

SHA256
3c47eb55369031556ef61533db506228dd90e17368745801fc58d23837221a5e

SHA512
e67a0a88ad7279115bd6900b6b9d11b99cd3c9d3b02194f19d1126d033d754680b8b4dad27287465a75cfb33257b53fddc48ca1f7d0eff5a12e40149fc87e01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b3cc1b663791f360d3411c14b83483c9

SHA1
b3ad564145a9ccb687ee388810135a45d83d6bd2

SHA256
343b019202b473b8ea0a6ee04194533e07b81f564cf7656de6833a3bfe6e01f3

SHA512
fc55d1b4ceabbd1dd03db0e9f10b5ffebc68e64116178e1255df640d2c277981300238d3204dab313e444720aac5ccac6fb23664c99868c31baaab80c861223f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
73d414bdc59cbe84ccf68844cadd98cb

SHA1
1da77b5bc0ad47c01886deebb1bc1bf3eacde9bc

SHA256
793ca2fbf22e591c367c102d75f4f35e58a5839eb49d6cc0eb71427e74d8a07b

SHA512
5fcc7a61a00f66028c1b861a94909085d101e188e2da0bd3f5ef41bc862ee9145ba2e6982a4a21fc124135462562aea2988a583da3d904ea110882910b94b7a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
31b3f827b86b698c61f447e7e36f5dcd

SHA1
fc03df670da65e46a310962c403249989436a098

SHA256
dac59a04ed643fb2ccb403095f795666ea47588dd251822583895e2cfb718afc

SHA512
791531b16e7a76c76788061344f841afebd8e7546d9971e666ca2c9189d3cb47faa94d7c9678c3537425d070739fec2ffee28c4688cf1ac37b4b4f7d77373bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
0bf2ee741a8e21c93656448c208b7eb8

SHA1
d08b971e2660288bedcbdf0344facb5570848f9a

SHA256
93e868772a9fdd2641229989c516fe255cd15b2d02d219fad7e9a25b5d4a82f2

SHA512
1596595379d9428f95983ed20789882c38f18a639695cb35f3bc2824bdee4a80b22a2ad57630dddc0f2432b00858ed6a685942f51db2f247496199f54727c7ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ac0b2f9f882f6a37d28a9cec7c0de865

SHA1
2ee441bbca89dce835795aa55bc510d626b0b638

SHA256
deae48bbeae0dcc435cba9e9a53b0b084e930d53fd90ff6b107b8a6128c1e1f6

SHA512
02e7f6a82df6a4141ecdac763c6b37ca667057cb8063dae242f6815f74a7c3d0e110a96097e25c57c6412588f5856049577563c2790b44cf6af090101c6b316a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
94492b3b458aa833b64e0e99a6e222c5

SHA1
6d4e0a1b520e9dec4cc9abaa84aaf194328cf337

SHA256
242ecac5cf089b9568fa834cc3b6f4a93e0b8b1862ff9e20386d3073fbbad749

SHA512
ca3efb15fc2edcf541369d223abe18717cadf0ea8151cb6b694bb5dfd3a2c5efe21f1b557f8fee43f0401d98108d18cfa733c0eda95d3e6c3ed62123bce14bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
94492b3b458aa833b64e0e99a6e222c5

SHA1
6d4e0a1b520e9dec4cc9abaa84aaf194328cf337

SHA256
242ecac5cf089b9568fa834cc3b6f4a93e0b8b1862ff9e20386d3073fbbad749

SHA512
ca3efb15fc2edcf541369d223abe18717cadf0ea8151cb6b694bb5dfd3a2c5efe21f1b557f8fee43f0401d98108d18cfa733c0eda95d3e6c3ed62123bce14bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
ef80fe65f985e522caa452795de93e24

SHA1
3ae193a2638fc30213c588b6d43ae70a7d9d468e

SHA256
b4e7e75194f10735d2e15cd286f39516be58e61b24a8563cab0bc5a33598b2e4

SHA512
eaff3b12693d021066608bfbfc987266a177691124b8489e33b6290e4f2d68c641f376cd25c9035efc9171ca04c6dd6e330e0a877a1327217c0e5a1a8a7ee074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c8002ca898bd6ddc0a7fbaf0681205a9

SHA1
eab2ae7614241877ed42cb0504e7f56cb216ea93

SHA256
3518b620ec64511ce6809de88ea821b5da647e510148a2c4e834d0312ff7f9fb

SHA512
f9087e2e77c38afc3f7ef8e7202958067900e4e1e0d20eec359fb392a533b0850b17fe3373ab9fa11adb36113f5d3c5cab76bdce7f09d9eb3b2c226896cf8d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
71495a40cb2975dfb5ee66bc37eaaaba

SHA1
f316a703a560abaeff65584ac4b60d5c0b5bcd84

SHA256
244b354df0361dcfd8c7741f5f87310d370c5fe12a25dd5b06b20e7a3e7fb92c

SHA512
442cadd967ba3867d218ae098ec70aa60c0fe8bfd40d2e1c65b4d668c212befd03100748397e79cd815e7cddb46d8f48499707b38f24b3bb14e05017d83b0160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
80c83db2148cb68380106702bfebd1b0

SHA1
7b637cdfa69043c5b7103474b1ec65b67b32a723

SHA256
8ec2e30da6516271b01360510675f7d4b51c4a2060150716b4c400f668fa64ca

SHA512
75d1813ab6d37f2959fcd348508fc84696f6dead54e1102c44007343c8ffa50427136e71cd09121a6a679b469c20f53823de9d83b66d9d757908c860392dac77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f879.TMP
Filesize
97KB

MD5
4da0a64bd6b00fc03fcc03675a2ffbad

SHA1
9eccd4b49daf2785948d2c26aa88e572f94e284c

SHA256
b5323be8d44924c914ac2c35dae1b8176d6a58756e94b4d229d7007dbf7b9a8f

SHA512
1cbba458a53d45d601a3f5615c1d9d055e46c6b24874b2648d83780ed3e912dbf0241ea7a921309be8853dea3e3c2170157a339730ad24823a7c1337dde5b79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\dde03862-a8e3-4523-ae38-205f0961775d.tmp
Filesize
173KB

MD5
d16b385cdf89fbbc4de07c14a17e0f85

SHA1
8b36fe7914c081e49b29cc74050c0ce6bc71bf82

SHA256
5442de4d600c8512fc37a797bb5e503e2bb2d0d35109543de3b05b10183c1b19

SHA512
6f48d54a926163ff0b8da4ab91163c6d29011089db092238d82afe4aba7023ab576591b45f938bc061308caa0fe200447897ba43679c7488fd2420e4762ed543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\480JMPRZ\PCClientBootstrapper[1].json
Filesize
2KB

MD5
4b220deaf4fd3370c2b7ddbb2a541549

SHA1
8a198376e29b37bac2837f8ccedc85a583738ca5

SHA256
d40df69638475cba8ea684bd7bf6bacba879cdcb8ed94dcfbda7ded17af5e2a3

SHA512
1d5f193f9fff2e3147dcdfe33914be803a26dd131bcc3c65b9c132f3c8bcaa0fa2cc81fa9efaed7b6374775a8aa7efd20d13065de483210865742b056759bfbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6CI3IN3W\BatchIncrement[4].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZVGY841V.cookie
Filesize
244B

MD5
dbcbf6e7ab4f5861e9ce4b2a92f8a071

SHA1
0d55460b1849cf525ad3b587ff15a8129c3690c3

SHA256
37e6fa6f38cb16f7e5ee77bec38e9e69e2d159ac260859b9211a738179f3ec93

SHA512
ee73caaf0beb36b1b80f8d58037d71fbea7df9d6941c139758845012419d6b160981de687fc3e472b4a910121f7a052ff7935deb809b8f616072277baf8c91b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\KnoE3DD.tmp
Filesize
88KB

MD5
002d5646771d31d1e7c57990cc020150

SHA1
a28ec731f9106c252f313cca349a68ef94ee3de9

SHA256
1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

SHA512
689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFA350896BE0801783.TMP
Filesize
16KB

MD5
e9a55bcc5f2eef0af196e83487f1c6f8

SHA1
953eee4de501c98b4f57aa10a7e835c8e58d58bb

SHA256
1e5890fa0f1463cda33abc4d2db6900b03fec6467ea77c161649e9375a10f028

SHA512
f6f6b88262025ecc4d6cfbaaad0add7ccb44624ebf0d5d68b21df9823962694449d9ec7677fcf237ac0aa92784e1f5334dcc1f8e0f65fef68997a9ad56b007f1

Download Submit
C:\Users\Admin\Desktop\AddBlock.potm
Filesize
314KB

MD5
190d1db5959cba328ef4281f265d976f

SHA1
272058863546e3539c2e0fbc1dac8ec7d1f23661

SHA256
e6cb15a3dafa6bfb0366527fa421e25c3d97586c115e2f9d60f7bfdeeb977c88

SHA512
79b06500f707f9fd4b4accf0f88703cc2fefdfd58c0979606de77cb3d071859fae26c6593e2f4f65b52f0d55de1a1ce1c859007aea7c23da4e672917f963abfc

Download Submit
C:\Users\Admin\Desktop\AssertLimit.jpeg
Filesize
256KB

MD5
824b0736be90fbfc9f78ca99bec0e5f2

SHA1
918d4182a9138329e72049ef3529eea40d4091b7

SHA256
3353e699e89141d94c8a0a53ee4d1038a3253a9311db75eb30204cd7155f0f79

SHA512
dad20a86cfc3c00c368ac0d8ec86adeb5db3260bef23081df72f98b5c9ee1dd88a5d167050bd30520305049bb5ceed5f8a7394ff9fe72fe948f7b1399d002782

Download Submit
C:\Users\Admin\Desktop\CheckpointInvoke.contact
Filesize
285KB

MD5
1661d9807d4e5fdb4c15ea60bb0ac136

SHA1
224a13883827002fcedf002789b9bb14158bd2bb

SHA256
858f54cb3e5c379cf62c902b7a0ae28adc73756a0174a78c4e95c6ddd073391e

SHA512
0449162f2381e26340576563ec8847d84fb6e87bd431cc519cceabbb441091bd429646e56b19003621fb6f05e6abdee57703062d268b597a8e44c40daf10ba95

Download Submit
C:\Users\Admin\Desktop\CheckpointSkip.xlsm
Filesize
140KB

MD5
f3a235a9523edeec547dcd2fc686939f

SHA1
1ed2d6c40d534170daf0a67b83d796911061bc57

SHA256
bcbf0627aa6830a7489c737bb54e725635cbc554a320251d27bb29f41e355ebe

SHA512
4557af7592eb68d10484a02633d1da9354df271541e3318ad89a5973aa271e67af11b56032b2c4392eff60fe98d015675b3b38ac9b65a9109510d6ccc5e57e8f

Download Submit
C:\Users\Admin\Desktop\CloseAssert.dotm
Filesize
130KB

MD5
bf85e499a0b3613df7c757f8735b095a

SHA1
cf7d9cddc13721c052aeef035e8fe3f8f14cb8b9

SHA256
e7cdb8f2d65f23a011d9618c31498dffd94c7b5fa309b0ff2e9871bce29e3709

SHA512
acb48c793e4844e4dafe7b0a46083fe768fe6a3fffae4e7163ad7f6341db09ed16f797bbc630f94ec1dd0b73771095eab712d87b40b0f62b6b1cecb838a016b1

Download Submit
C:\Users\Admin\Desktop\ConnectRename.htm
Filesize
295KB

MD5
67a932eb1abd0a205f6b41f42fc899af

SHA1
2241073dcfabb68bb7708eabaa3db98c1454606c

SHA256
f75b98e4f08790ca5ee66c014fba16c3b2fd5f8225e2a92315a633ddef7d9635

SHA512
088d81063cb3a0456ea1c94ad4672b6c3626d2f2651d3f5be7dc8d581405877ed83f6bd23de7243eec885d4aadaf7471814cf9566b71b08ad56cb71c869a171e

Download Submit
C:\Users\Admin\Desktop\ConvertRegister.odt
Filesize
275KB

MD5
18f1b88a99d6c0ce4be7133a083858f1

SHA1
dda85971ae3febe05a22003c705041bed0856cc2

SHA256
04659b9c7b048ef84a61c634b0416b03b749a3db8d825a136b992da08c7684f7

SHA512
cf3a417057a70597747afc8f08a20df2638b103472a652bf7ae3b5a398eded959b41425b4ee99bd4758871b8db22151480ee281d49cc85f79f8789aa42eefad7

Download Submit
C:\Users\Admin\Desktop\DisableMove.7z
Filesize
111KB

MD5
0232e13a7f6ec60aeea12efb608d4ba5

SHA1
d980eba4d7ce6b3ee0cc91c3401e99b7c1d5cd1b

SHA256
9b54808cece58b3198a56bd8cbf36ae4e05bab0bdcd37a1d108623824b3b1ddd

SHA512
cf34730d775743e1e0edcd4e702bec7d15ee5de9cf6b649ab5b3121e9b1637a615611379063f548d6bd8f9656ddc08c191cc1a7d4409178ebdbfd8a233d2e504

Download Submit
C:\Users\Admin\Desktop\EnableOut.xhtml
Filesize
237KB

MD5
7fdd9a008d332436f0117dd9e316e9c3

SHA1
5365fc4fbab2a89ca6fd52843474ba2731ad4236

SHA256
a2cbef24c876fa9cd1548ab38bd15d102732515eb3312f1188905481ee8a48e3

SHA512
a0faf331a4a730d7736ae1d5170bbb15e6ede7df95ddeda99e1c7a7973feca3fb82ab04bc20df70466c0bbf424fc8b694db29e2da180a51f4e1cfd45243eeb28

Download Submit
C:\Users\Admin\Desktop\EnablePush.mid
Filesize
159KB

MD5
17f7a9fdb54de70edac16e6a61067e9c

SHA1
0a13328a2e978ec74c9c0464ad788fd8afd3f84c

SHA256
687ee0c3355613d4b6f4c6820b4fc56268b035b85157bb769d5b86bd141b2a1f

SHA512
80394126dcde634f56bb109fc7b6996fc211a0fe8baf4ac63630e7edf6a18147369e8e55a1aee4c7cca3ea7ae1e0c63a92330143c7294a59ff00e4ff2b19c3d0

Download Submit
C:\Users\Admin\Desktop\ExpandWrite.docx
Filesize
304KB

MD5
fc942ad7947e4de5f05bf9802029c86e

SHA1
0d991a82299f53ba2c6b90f73a8e88a06e45a645

SHA256
018d890d9246cb40002d14e6e34382b6e46e92f7b3cccd799570dd21b0db9fee

SHA512
9757d0f1e879ef1a596c512a2217bfc49662b7f50a6daf34c32eaf9fcdac3aaf39436411e5b5272680059f51ae67decd51b7fe3d8d0ef3b158697abbf253d0b2

Download Submit
C:\Users\Admin\Desktop\InvokeLimit.xps
Filesize
179KB

MD5
80c355683f5936f78b20735aad42baab

SHA1
86417f902780dc9db86af171a42a8a42555acd98

SHA256
0c77c51f5e77b174f8d9c939e82802145927537dcdad902f4260395530652bf1

SHA512
e8c65ac121d12d95805d623ba1ab0d8bce2beaed29bf5bd67506fa2dd2deea9bf20f24f874fffdd7eae2bf9dcf5e2e55979172aace91fb702c02c950fbf2ddda

Download Submit
C:\Users\Admin\Desktop\MeasureUndo.tiff
Filesize
217KB

MD5
8ad7c9eef8d5222862649d0170c116f7

SHA1
a6f42b498d010f9195cc26548cde184f87477ff1

SHA256
73546722070b8b1a722357b1f3e41b2fec99c5abe589fb94293cdd1aacdb4d66

SHA512
d6a9841712e7d8190bce6b02def3619409f067873604583a231cbc6da054311369757b5c3db2869e9394097c25b2435979a5bae849f9c37a9584d59615d964ee

Download Submit
C:\Users\Admin\Desktop\PingUninstall.bmp
Filesize
266KB

MD5
d3cf05e0dc02bf544a946398a97a416f

SHA1
b720831e6fb4cd682e0684f9b6da01354e1a4226

SHA256
7bbda0905a4b02a559dae147aecb46df10298d4810a5bea37e8f29a4a42f916a

SHA512
2e2295b758b52b9e2c9d416b4c401924634107af22b969ce09672ea5a33cce66adc3b2a52362b318ce4b0d7305f9b0f2a14f12156687839fc4cdfb351974d002

Download Submit
C:\Users\Admin\Desktop\ReadConnect.vdx
Filesize
435KB

MD5
7040c6fa659a83b9a188e8110ded1a4f

SHA1
64f1c46a1154b4e141ee824bc5525252ec19d4be

SHA256
be063a5feb0a4ad08a72ea2c1d112468fe4d3d836e8dcae902afccd6676d6736

SHA512
d6214357eef5c0ebff61696203aad6d2082c8ec010f9f1394553db34a4bd9ef8c2f52d6b325ee56843f81f84cb025884bf85de34b5d478d054a20b31b259ec91

Download Submit
C:\Users\Admin\Desktop\RenameDeny.odp
Filesize
188KB

MD5
422c077b57af4e9777b47e48b9921165

SHA1
27e4ca59b49cb06ede2607bcabab30785ef6c40d

SHA256
1ac7f5203e6e22824fa7d97c60fb4323cace5ff5d8f8a1c8ae8e59b845abc831

SHA512
587c6dee1a0c0e0e6c9cb558a28f14e19059b5b13cb32f1ad8e506f93d6a01361e0d1f4ccc3e07cadc65dcdd595e8eae28bbdd1b12258ca2d7f0c15b66cfb618

Download Submit
C:\Users\Admin\Desktop\RestartCopy.kix
Filesize
169KB

MD5
0cb69fe9dcfaa4332692a5b2b044578a

SHA1
49e7c2b92eaece82497a572c6abf7f953d0a0ab8

SHA256
f88339908ca71ea40248e299983da22eccfa8dccb6274fa730e02f28b7f7b8f5

SHA512
6c99bcebd32ab0a6b44d582973357aeb74b7e2872b478383e5e6c0c5b8ac047578732285aff2da0d46ef3fb3ec89e7603ef189236b54029f095a2948b5c8e9ba

Download Submit
C:\Users\Admin\Desktop\ResumePing.mpeg
Filesize
208KB

MD5
6bc2d6c701fa118f449602902827bb34

SHA1
80a99a957b5d9ab3f7b17f3c5c447c7441c75b56

SHA256
f1cefd2e3f00b65745e34240c503cebd6242969573bb53fd766bba7f1b5a602f

SHA512
4e890248d4e3e40ab3ad461bba1d07419d3e9a79a607a0452a4f8bcfbfc6c051fcf3b0270da1116e576842e20f68d9b9641ccee12b490a5a787ff07070d77fe5

Download Submit
C:\Users\Admin\Desktop\SelectRestart.avi
Filesize
120KB

MD5
129d43db7820a4491bedceb5825b6521

SHA1
0645eaa25bef220a4d388c0d7dd992f1935ae99d

SHA256
1b0ed35cc3d8c23f1ea80f638d3aadec30e9b5425d59e816c477d75e321fa3ae

SHA512
14a0e2e88654ae53a97993fd2288893248b0fcf543ce7017d68ee436d0c017c3daf88ed3c49c76a6a639b212670245f6dfeb58e13b0d41607ae54688680d71f4

Download Submit
C:\Users\Admin\Desktop\TraceSuspend.crw
Filesize
150KB

MD5
fbd78199fd394b585e8515ad8a29909d

SHA1
af115eb0f11f07f6d5dc3af2b75ee453d0f81d2b

SHA256
205fd808f589d4d6f7277c521aa7054c2361ae0140ff1a78406fee400774a325

SHA512
4981b798515954410df7605b7adc23a10d3c65afde2a353fa3f99960e8efbc3409a5e4231cdbdc764d92cad7c702b4416afed63ca5305e80f021533c8ddb7728

Download Submit
C:\Users\Admin\Desktop\UninstallShow.dib
Filesize
227KB

MD5
38b928df40eedf58df010768b336bc40

SHA1
866c8ee4844678f0838bc47ad1a335279057efe1

SHA256
4ad60cd267d17d402a18242958bb87111edb592feee5bd0bec3044981b8a246c

SHA512
db0b5138f7c98bf7e7e6a501b6fa1f58a43e9e80af517c6d425f739530e3dff399f3537ad7b93d279a0ea775ff183644efeb794794cc03353190ac2487fb3343

Download Submit
C:\Users\Admin\Desktop\UnregisterApprove.docm
Filesize
198KB

MD5
b2d8e10a7f4d11ba652818e08633fd7a

SHA1
6389beb7ba1402fdc01714dd6210ebc5a4ab14ef

SHA256
89e9a0077443d32c6d5a69bfd1920f98f1475cb3c2a24cf584d2099f755e0c09

SHA512
9151b0c9e0c6b01716985a352f6c9f887e503606eae9710fc1c8647f53534d3bcbf3b6c918f354f650ec2b3844b56a1a7c5c0ebc139b1c47fc814c05b26885f7

Download Submit
C:\Users\Admin\Desktop\UpdateStop.wpl
Filesize
246KB

MD5
1643c6b3566141d3c5e562cacda76139

SHA1
49d0d65b629c40694fc940a2c3689bb7201db0c3

SHA256
dc8d468364a58d4e676319d6c8be07e919804b144d0fc39639cbaf0bf5167e89

SHA512
72fa692e88cd44f8605d6d63341c39049b091782cf8bacfd6f522d9fc7c1b15b557fb46e3a4cb99050cd432a099b62f18b05223ea9e6551fffa83d928d997015

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
Filesize
2KB

MD5
d6c2cfc9a4281c20949ee4b79bb9d2b7

SHA1
605e2326a88ebdf4ad278decbdf698d3aaa3a77e

SHA256
f8d37f62966dd75100c2d3f9d8ccf73ccd56206d73284feed6b78e4a160bfc33

SHA512
f5a49f236fddc6f03bcd48197d226dc0f28cacfb5f850e70d787f0868653b88eeb5d6d4e59370eea6220689e1e2faa3873ace8c9cb475c06cf1ee9b0691b4c06

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
1000B

MD5
1eed3b78c46b220e4ead293efe2b742c

SHA1
beea582aa6cccaed67082684908da4f5a6767611

SHA256
4401c468ed4c03475948cbd38885cc30307cc4bbb207ef6daeaaa24e93fc2510

SHA512
40876505c1e0978c9ba7145be60ab46e9978876931cc10a0ce3432672ba97fd5a1d632988be6a547f51d0c78801e4c383dd625f8f422be1e771eff949e007060

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk
Filesize
2KB

MD5
31a29d25e99dca3c1e74894762ba4692

SHA1
7bb5c7928d672a6d877a7366eeb7ba2291e2a9d4

SHA256
7b01271ea611c82e59479f35594abd7c166c854bba8085bc539ce9a26d9261db

SHA512
e94bd7909f2633b6d6c083109e1c2a6a92d83cd62290f40b0d1f4aa6c2caf5ff3497181ab79dc09aa52613c0176d574cdb5c9114fe4c97eed25b404c6016893b

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk
Filesize
923B

MD5
cde67c1f83a4bac8b46f7d1ee4175139

SHA1
6b534b7e46ed73fab877a306f4e1ceb63adf311c

SHA256
56a3aaafb4178bc77a58ca80bc5938c417f388d826060e15ff8ca8e4d4935f08

SHA512
c4441822a9280c51c8e5edafa4021348f0b521d1573cd8dbf419af601aa121c768244289d85005fea55d3cef2bc7e30e928d74bea9cc0e56c0bc09a7d0a6dc12

Download Submit
\??\pipe\crashpad_4412_CODLKWVYEGNJMFOQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit