7581285ec0da69e24a16ce5f53382fd7764a95fec9b073104ae6092fdde6abe7

Analysis

max time kernel
769s
max time network
1763s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

74KB
MD5

0e1228e883c2034782a3824a204535d8
SHA1

5a5057fa0f75c0cb94fd268f06b7b96cbffaa4e6
SHA256

7581285ec0da69e24a16ce5f53382fd7764a95fec9b073104ae6092fdde6abe7
SHA512

c67ec6c705897f1575626a4f8020f1f5f7dd99e461a047afadc84a7fb7845070d1672bd436e9c064df939e6f6a92e4c5b97e681c49b55f7d70e79ab7c0fd91f9
SSDEEP

1536:qqmOYukFYhQ08KQkeSzNBNtsYJHTWxYKQIE:pmOYukniHTWxY

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 5 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

pid process

2180 RobloxPlayerLauncher.exe
1952 RobloxPlayerLauncher.exe
2024 RobloxPlayerLauncher.exe
2304 RobloxPlayerLauncher.exe
3032 RobloxPlayerBeta.exe

Loads dropped DLL 21 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

pid	process
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\ContactsList\Components\ContactsListEntry\ContactsListEntry.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\TopRoundedRect8px.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\utilities\__tests__\valueFromAST.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation\RoactNavigation\views\RobloxStackView\StackViewOverlayFrame.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxAliases-4b477b13-e5753ce1\RoduxAliases\RoduxAliasesTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\String\String\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\TestUtils-edcba0e9-2.4.1\JestTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\tutils-aa9a0351-0.1.2\tutils\deepCopy.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Http\AppCommonLib.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\InGameMenu\gradient.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Expect-edcba0e9-2.4.1\LuauPolyfill.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\Actions\CharacterAdded.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\installReducer\Players\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxSquads\RoduxSquads\Actions\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Fetch\Fetch\Body.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\Promise.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\Components\EventTimer.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-24c5c11f-f6df649b\RoduxFriends\roduxFriendsTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\Utils\isEnum.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialModalsCommon\SocialModalsCommon\EnumScreens.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\sanitizeForRichText.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\PrefetchProtocol.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\FriendsCarousel\Components\LoadingCarousel\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\SpeakerDark\Muted.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClientTesting\ReactTestingLibrary.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\type\__tests__\directive.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-aa874f8b-86a611f7\RoduxFriends\Selectors\filterByKeys.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Dialog\Tooltip\Tooltip.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Navigation\PrimaryNavBar\HorizontalContainer.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SharedFlags\SharedFlags\getFFlagPYMKDontUseIngestService.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\mock\mock\Matchers\toBeASpy.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RequestPipeline\JestDiff.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\TestHelpers\mockStore.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Storybook\temp\StyleSwapper.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\fonts\families\RobotoMono.json	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\move.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\InfiniteScroller\InfiniteScroller\Components\findNewIndices.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestUtil-edcba0e9-3.2.1\JestTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\Core\Layout\Grid\GridConfigReader.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\Components\EventHostedBy.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\luaUtils\arrayContains.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestGlobals-edcba0e9-3.2.1\JestGlobals\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\ImageSet\ImageAtlas\img_set_2x_15.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\2D-Collision-Matchers\2D-Collision-Matchers\rightOf.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\displaySystemMessage.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestEach-edcba0e9-3.2.1\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialModalsCommon\SocialModalsCommon\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\AtomicBinding.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\TagUtils\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Flags\getFFlagFixClickAreaOnSocialTab.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\avatar\meshes\torso.mesh	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Controls\xboxB.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-90b08185\LuauPolyfill\String\slice.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxSquads\Cryo.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DiscoverabilityModal\DiscoverabilityModal\Networking\FetchUserSettingsMetadata.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\avatar\compositing\R15CompositTorsoBase.mesh	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\MaterialManager\All.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingAliases-96003ad7-1.12.0\NetworkingAliases\networkRequests\createGetTagsFromUserIds.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Scheduler-07417f27-17.0.1-rc.17\Scheduler\forks\SchedulerHostConfig.default.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\Analytics\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\FriendsLandingContainer\manyFriendsWithFilter.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\PlaceInfoRodux\PlaceInfoRodux\Reducers\init.lua	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\ProtocolExecute	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe

Modifies registry class 50 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee419000000010000001000000063664b080559a094d10f0a3c5f4f629020000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

chrome.exeRobloxPlayerLauncher.exe

pid	process
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe
2180	RobloxPlayerLauncher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

chrome.exe

pid	process
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1480 wrote to memory of 1804	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1804	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1804	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1408	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1608	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1608	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1608	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1316	1480	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:1204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6aa9758,0x7fef6aa9768,0x7fef6aa9778
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:2
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1696 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:1316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1684 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3572 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:2
2⤵
PID:112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1568 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4208 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1401c7688,0x1401c7698,0x1401c76a8
3⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1152 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3324 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3432 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2104 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1992 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4356 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=684 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3396 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:2880

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:2180

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5bc,0x5c0,0x5c4,0x598,0x5cc,0xc3b480,0xc3b490,0xc3b4a0
3⤵
- Executes dropped EXE
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2060 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3388 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:8
2⤵
PID:2212

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:jinVRF6gZTDHvYeWVoFFQiy60bGp4cOoCPCCROTq1Q7Tyk2P7GY-eCODOSd_8OpXIh8QiU_B_PZMRsIr2jL79o2qJcR_z1DOt2d-94qSAz_NtYdAlg_3YVgwVBqfCE7cAZQmr1eht-o3nzPnFfOfulnSUuT_8q_Ba6GQaWWXpO_YyZYgZY9IaV-1uvfOBJowHO13PPejCEWZjGH1qO7b0oHi3dS_k9H0aAJ-e-z1UwQ+launchtime:1680301695444+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167645587221%26placeId%3D6284583030%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D13bddff0-523d-4e27-abce-8a6ae9b2eb66%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167645587221+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:2024

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=zflag --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5f4,0x5f8,0x5fc,0x5d0,0x604,0x6bb480,0x6bb490,0x6bb4a0
3⤵
- Executes dropped EXE
PID:2304

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe" --app -t jinVRF6gZTDHvYeWVoFFQiy60bGp4cOoCPCCROTq1Q7Tyk2P7GY-eCODOSd_8OpXIh8QiU_B_PZMRsIr2jL79o2qJcR_z1DOt2d-94qSAz_NtYdAlg_3YVgwVBqfCE7cAZQmr1eht-o3nzPnFfOfulnSUuT_8q_Ba6GQaWWXpO_YyZYgZY9IaV-1uvfOBJowHO13PPejCEWZjGH1qO7b0oHi3dS_k9H0aAJ-e-z1UwQ -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167645587221&placeId=6284583030&isPlayTogetherGame=false&joinAttemptId=13bddff0-523d-4e27-abce-8a6ae9b2eb66&joinAttemptOrigin=PlayButton -b 167645587221 --launchtime=1680301695444 --rloc en_us --gloc en_us -channel zflag
3⤵
- Executes dropped EXE
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1064 --field-trial-handle=1204,i,18222781866264679398,11678578624243669677,131072 /prefetch:1
2⤵
PID:1536

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:BtPDfW8lJgcD_gLITl87OGDonCyRT9zm99zrkLtec45Ch4WuTs-5DKZ9Q3lhXYnX3WUVZiF_fFJvEyp35m1q0sFGkHmRERkuMkR6Qi1LJ9YDLP76h6Ghm-NUiXaDiTwcWHZuibhCXm6mJ1bW18hKQdzdrhU1DGZVCKQSBTN44Rx6wDzhxXcsYjkrKXcOTFCa3kErboZMejlGEAYIerje3h7AXKgZ2-ALAJDOK8f58Nc+launchtime:1680301707896+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167645587221%26placeId%3D6284583030%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D11faba23-b646-411e-8d3e-f655eb4cddc6%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167645587221+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
PID:2856

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5b0,0x5b4,0x5b8,0x58c,0x5c0,0x6bb480,0x6bb490,0x6bb4a0
3⤵
PID:2952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1500

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6aa9758,0x7fef6aa9768,0x7fef6aa9778
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:2
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:8
2⤵
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:8
2⤵
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:1
2⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:1
2⤵
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1568 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:2
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:8
2⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3688 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:8
2⤵
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2244 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:1
2⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3380 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:1
2⤵
PID:3656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3192 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:1
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2144 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:8
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2344 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:8
2⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3572 --field-trial-handle=1308,i,9850418289935619555,3205193982536716098,131072 /prefetch:1
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1964

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" -app
1⤵
PID:2808

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5bc,0x5c0,0x5c4,0x598,0x5cc,0x6bb480,0x6bb490,0x6bb4a0
2⤵
PID:1724

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" -app
1⤵
PID:1796

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5c0,0x5c4,0x5c8,0x594,0x5d0,0x6bb480,0x6bb490,0x6bb4a0
2⤵
PID:3036

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" -app
1⤵
PID:2504

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5c0,0x5c4,0x5c8,0x59c,0x5d0,0x6bb480,0x6bb490,0x6bb4a0
2⤵
PID:2480

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe" --app
2⤵
PID:2460

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" -app
1⤵
PID:976

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5b8,0x5bc,0x5c0,0x590,0x5cc,0x6bb480,0x6bb490,0x6bb4a0
2⤵
PID:2420

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe" --app
2⤵
PID:2124

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" -app
1⤵
PID:2520

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5c0,0x5c4,0x5c8,0x59c,0x5d0,0x6bb480,0x6bb490,0x6bb4a0
2⤵
PID:972

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" -app
1⤵
PID:2576

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x58c,0x5b8,0x5bc,0x5b4,0x5cc,0x6bb480,0x6bb490,0x6bb4a0
2⤵
PID:2080

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" -app
1⤵
PID:2512

C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5b8,0x5bc,0x5c0,0x590,0x5c8,0x6bb480,0x6bb490,0x6bb4a0
2⤵
PID:3100

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x158
1⤵
PID:3252

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize
2KB

MD5
76cdfa1e64786cf8a512565aa156d674

SHA1
c34fdc21105fbc45b3b7b2bdc56a22e3806b3b9d

SHA256
4d24972297733d46782d4bb9ec3095429d308ed0598508eedff9b6b73e49f909

SHA512
ce1266af7dc4661f200f33268adbdf57ce5454693068d966fd12066d2d9acc71b4338129564350a49effaefefbd25b8483391d63b0b870f1d5625e880279fb91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
9bf77ce85a5a981d86a0f7a4672ba22b

SHA1
62fb7e9f8b763de11a63a156c847e7df4dde7fad

SHA256
44ed3a7243fe9995a4439683d11971670eb00101c3832ad30db5242560b2b354

SHA512
2ead42546c80b3dbb87ac93f1324c85fc0bfed5a7c51a1217993c18d43886a9e7580a80ba9a2b6ec4c7eefd23d274fce561845ab508b427afc906ad594f58e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701
Filesize
472B

MD5
ea599180805480f5f3c4a5aeaf9fa5ed

SHA1
3384c93bf6926b7141c269f9fe5a3b45ca6312dc

SHA256
57b2f1eb3795614be85f623ac1efbe436502c01c280a955f34e7b9725cafcbe2

SHA512
86a55bf900e39606afa9765d7f02c67f8ff88f12db14718f159f8d462590f30831ef621ff1dc6be6a57ae962fccf4eee78b6d318f784bc1c6622ba85b3a505b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
1KB

MD5
6a3b8331e801f083b403b0857ed8d574

SHA1
48d275731f1dbd0630d1ca55a1b05f149a011d1f

SHA256
98651a2da4a4613bc2a03c4128926fe6b05f1af8a7a21e1fedec75db013706a0

SHA512
7527b8857707c8822e4b7f5049ddc9b4c49933e68535690746d84b7f0187a10f36e874719bdb1bf3ba8b035568a7cbafd687b80c4621dc35552d73f7e497071d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
21ed9ca0f4579a63723066fab3cdb1e9

SHA1
625f8780cba0177fa7d9b747df0bd45511ddc900

SHA256
818a6653f6011a83d251998208826644fe68d228a739c87ec14e470e10817889

SHA512
203e8fa995dfd86617536e1fc445fa1fdfbc0ec462d238cfbfe1d03c81b51c81297335c4c54503070c25897858fbedd659c348ab994f9195635ff75a0f3ecda4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
71288df6e69e139111a733ad7b94866a

SHA1
9f756b5bdddb2eae7e7bf2678440117026ea8b54

SHA256
7441007a5974bcfdee443d0c1fe1c40d7e7f454fc0712501eb7abda978877837

SHA512
efab7742dd31b5397da0bf2940e9bb8de89702c39b6f062194caa33b31346ee646a3b4c622e9bc42b4ea9ed94772098476a5e87ccdfd8af0be58a7a153ffc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize
488B

MD5
211449354c6b4f763f2fcc174ecb2c01

SHA1
94f586c72637acd07690cefa530e527db6690868

SHA256
c12e9e3a33fa33dbce309e9b4ff68b3a062f6ca391d46f390a18cd5ebf911af2

SHA512
24f93f33f516747ed7c6c029d26003ecafe0b3d44d0224fe3770321d8ace88cb52728648357cc54e7e8639ede24fc3dd24e820ddc515f5ae9f7eec5d7ee0b695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
6c5ee5d6a4b8b28fdc099bc5df33b58b

SHA1
dcfc1e0dd65a8549b1d6ee117df92dbb26e02467

SHA256
99c913768f58e201429d8cf0e1a52be9210761d4f248389e9fbd31f6ed2d1b97

SHA512
2b9f63ab71f480dc58ba1c7908efdfa49a8ce619c87743ba73d420e9b77e615663e39726e683e875953646ba5f8d7cd5349b594008d36f70bd7772716426365b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701
Filesize
496B

MD5
2579689fb4fba098883ebade043cc473

SHA1
e0fa40679ae43ba5d3f2cc1e1c1f526011d14588

SHA256
0582809ede4a5a9383ca62c4ae4b6137293b89181fb9e98d93592ffdf61cee10

SHA512
3081f3613330c5ff11da1005212cd3e79b0db5a0133f30d6fb52fe93a8dddeae41ec06e4d87f5263d8b5f04c619b96195c20a096b86124bc5453ce3e57da6f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e0a3f417ade9525fb264b3db3f4212be

SHA1
0ea227c6feb67cc01e45942d45b34586fe09baed

SHA256
5836617a365d57650bbf7a071df5f71a08f11785eba855eddc90c8e2376f5d6b

SHA512
5881e1ebfffdfa0ebe31f40ea237204b84847680338055fe775717e34f2dc9d8cef686db732116c80a6da55fe2424fab61731b43a376bfbfe426ec9ff82a12d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a3457102ed7c39c2bef13ae200483a3b

SHA1
82b6a5be8b005ccf8de3ac4a720c510cad86e181

SHA256
501348699366724d0cff1ec4b100210c56602fc80bf06a7b9700d12bc33bc7c3

SHA512
8d0573e8fed187f95dd20281301dee2f518423c90eb82d25823fc121438caaf9a990145644f933409ca74e099461a6cfd0ba486cb333f83b0ed32b8d5a84ab62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9b6625dce0729fad6f5f4e9d5023f85e

SHA1
65b714a051e79b16c07ac995b9971ed76e8e39ad

SHA256
573fa78a35a7435031ac406405488a39d5ea22acf5b8142a598ab3cfe9c60b77

SHA512
c0e7edb1b7ffc396357661389fbd3ee9dd23cc22a54a53eab1cf990ae35a3c6e688994d16b419fa6a9690567636bba576a9bdd0a993dab2a9c4a1a0c7ea68ca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
482B

MD5
d155b3dae17bdaba99cca0a43d4256b1

SHA1
8e60f6ce8577f9d5c1accc64a2a7c2a3349aad10

SHA256
864e59b0c41bcc896c91035a7dbf17c7db0be4114133d5fa4acc004db859124e

SHA512
7de0ca8ffce904535bec79395697d6872d2cb503126dfde9f93c0178f6be34c9b174a1d37bbcefb5aa9cea0e72aa24b707abadf996b9049a2e6a9a4df13db47f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
92e2ef2471c7ccbf2a7cd50ba6fe59a5

SHA1
ff5ddd04c49db640458d15a803bf2e77121cefba

SHA256
d844c8563c2dc74662a25fb10ff920fa11b9feaec4d3fc657a8cacb1bbe2c2fb

SHA512
da18fbc1fda79b9a6b78d11a249c60822a5b1acfa3cb89c4296b08d3b299e800af1efd6dead154c2cad719a97e1e17a680212eee4f8acf2ec7008938dd21b9c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
aeabd25fca7c96372c56111245a9a67f

SHA1
c5ee4e0608b3861a26744849597792f897755d77

SHA256
72269ff36cddf4669994c7032e1831aafc04284d84a084d01120fe45e72ef39a

SHA512
028405ad288ff9661191c01fe60e91878d859cbb1864c145f394327334310156a6c2700a0338a2db9eeeddbb746e1b5d95b097d2b3316def0f813859026ca1a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
3c812bbadefaeda7df7345f6958faed1

SHA1
a6c823e0be9959511edb22b0f688cc8a11c8bad6

SHA256
d18c81d97b8f878be662846e6eb255fe0290229798afc28c990a7547571e1c55

SHA512
adee9c0ad0ff93f3a2e6d504e2053d65bc7c32a92cb3a0eeee61f412ffdcc33263098a6e19363a36dee736ca7ffd3d4e206a7669aabfd3484dee6dc09d1c318c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1427b9fc-88f5-4763-b229-9e287b2a89cf.tmp
Filesize
173KB

MD5
809d360bc1a2376c1b5ccc0ef774e1af

SHA1
93e722a65cfc8291324c09a1f190cad7569099b8

SHA256
9740bbe868df024293229a33296e40b7f3971dec02e86a3fee1af734fe450e24

SHA512
b0ca2f789f2b136eac2af6527d5944cf6bb87a882b93c58bcbc36e2857f129f3846fe04a83ad15d74c7f3f2f2aa8def99de1712d198682f34f77231153fd851a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
1b07b7753f3c944754b1790fd9694beb

SHA1
5c9036d395fc83e80f302e311b4f5e9c9ca0ea83

SHA256
b2f762c1c9be27df51ffa896115174ad0bddac04e5777e94a2fce03cf1c97c46

SHA512
b00e8158fc07f07db5e5e569e5a21b1bb269abac91f0bd25676d73b71e718978e1090d3263a12fe8a065e2f8ce9e74748c1165587a11640d9e0dc54fa540df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5cdccae8-629f-4c5f-9568-61783d29a400.tmp
Filesize
4KB

MD5
1760bd04846ff385f1805236eb128057

SHA1
38e898b302bd057b615af91fc35e2e3260ae3a57

SHA256
c6f9f3667f2359690aead961acf5b304a87701537ec1b2056d498955db269851

SHA512
cf62635d51856c0f0d443530a09d0cd168f1a289fc6bea255d5a9d002cd4d3e6bf3f2dbb21af67f0b5908aa97ddd6ea9a5471aaa3ee674ff21dd5e0c175645e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
96KB

MD5
9add8a2d0968db9bfeecea90afe78908

SHA1
0fbad9c080edbbfafa13582c16dcdce975ad8bff

SHA256
1de5ec9db21d2c963b10fcea854a1cc1d0cabbdecb268dddabd4f2294687e644

SHA512
851859d5643d30089a470a289b515098c5c1c7b6a0a4f832c04bcd291af250ad1d63232742fde80f606d0f3d7b6ab6d36326f643407caec62ff67d5c9a56dfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
49KB

MD5
fe9f188f542db88be94f8f5de1c2c349

SHA1
3f4bb12acc56717e5eb587f076bab0fd5ac0a5fa

SHA256
9df535c5c54a24f27d8cdc4c4ac5d7bed2dd874d422f67953fe3748594af970e

SHA512
88f19540aa1ec3de63a0b2ea8a7c748ed65c518cff4ae0780a1823b36d1e83c7243c018192a5d887e7a32b9e5b707bf7f9a6d7a1d5c0d04df3eb47fa0cf161ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
e610f83ba365535f73a8fedeedb330e7

SHA1
61e54258e5f6d4143faece76d0ab8fe91e60358f

SHA256
fe7fdad3cc620c60110186bbc51062be3545b16acbda497bc8efae70852951fe

SHA512
fbd8445093a1cee76ba4727cdad3ef560a583a0b1618c1030175bb5bb24be16e3b6636c3e0786a8809ae4a5ed50ee20e658dd65c15c203be0fbb5c7e0b270732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF7519f7.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.roblox.com_0.indexeddb.leveldb\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
bcda47ebcbfeb3f018a05d0133310f68

SHA1
79d7bfcc710e27b1e4466471e07de1fb70e83827

SHA256
4a77a491be14a84239239fee4fe8bf796f27174779e4da67b2a2cc282e7aa8a3

SHA512
e03315f31923cf8ec14761447f046ee73f88fdc6913f77e460430fb0c9975933d3547ea469d369fd4d763c8593d3125785da847ae1cf08829f3587f201cd33bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
3fce813bd663d93fe3d71097370049a5

SHA1
fc81ffd178e2ac1af29fd99014082ff3304e76eb

SHA256
cd925286fb78d58afb6b083c1acb6a2bd56fa7c31bc8d4a6414ec069711c30f6

SHA512
2199e6ada910f5e92176119a36c081d8010ab78f8030f044518fc77ff7028d63f3853971ed260b20ce9174428f744a774e34705af5a665a24106dbdad1ccd370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
4dcc15dfa1ac650024860108dcd9de1b

SHA1
eafa1b33aa152826b6a12dc0236a5904443d847a

SHA256
0a93ae9e773ef0db4fbb8d5f1a3bba18085889996514e7261f5cb69865fedc90

SHA512
66ba44ccab610c4e73453b58314405aa0127b7bc1412c6842632f31f7764844e840bbf01ace2e95c469a8e3a9b3856f439e2c1a80f3c973d9f0fc657cec46f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
060c0f105372ad4266e79d07ad0ba7f7

SHA1
90eb3b7c1934af886a765ff1ea88e5fa59de3c1e

SHA256
5eed2738b03a8cd382ea8cd61ea89019a8438d6f6c9133f09bdc9d6417df3b9d

SHA512
c407798fe7609b46bee759345a583c3cc60b5c904472664695ff7a41820906e355392a1c29ea61d59b75d6c1cf55129c264c35529d1b9ef630d78349dd8e48c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
e9f7c3fd1eb134ad152e0d513ead203d

SHA1
d8add23a1b1b9bc8b7ce35e892fa1ee208920b23

SHA256
54526ea2ea410615efdcd776399baac1de77de46fa21eb8e1623d8f3d99fa89f

SHA512
1cef7971294dd0970483b5355831d8a487ed681a8fb09d9473dd4dcf6cc4b079cf153489a5662a3bde81ebd177c0838c6080babac342c56cd6d16f96a6e93d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
457d1f445f4d9667c0337dcd2f98865e

SHA1
a01a1ba3df9f040c806f883e5291d31fb8a872a5

SHA256
c40e106e6e0d53cfe18536413c07214ddcbccaadad458a99ef255847d32b70c5

SHA512
0151541762070dcec5f7025801d9717d096c2587ce482925b3a6570998a65f17a27000776caa55ead30db74dfeddac6b85685b129612630f0aae121d107075d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
54d312d74cce338321bd0021be5e7573

SHA1
e8952bd7b74da7cd158414d25510d90bb510abf1

SHA256
bfa7f64e5f3f326eb7e61fd87b72fbc05d2f581dadb545e5e6f76a1814f247f7

SHA512
381e95a3aff7770fc17bd2336a1ded43973d455107598ba87ce5ab594ff97c38571ed1cf9597f6306e51377e802a6e342f7c1d57a2545f6e1524a0bda9f7fa93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7b537b5dc0280d9fdcd9e17d2764268d

SHA1
6effa53841523a2c4b28e4c8eb7019db304387fe

SHA256
7a89237aba1fba8b1f9b078814f2f26d9e1656903de717365fa39fe0f80bc6b1

SHA512
94ff53185add0f0bb65c99042cb7d2d4f6b920253d4d3d86e0726591cabd00ce4c859942c798ee866493552d6dddfe271bd75eb4b5077f36495717942a671785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
9a1c8b921a8066ab3634d73f7c02fc65

SHA1
f1097ab0ccd0f115bbd43c83b09b07759dea466d

SHA256
e55c4ba1a6530ba7e91b24a2fbe3cbb41248b02baf6d40fe8f7cf7277a0400e9

SHA512
15f048cb02708473fc6a3bfe0e7b21d8f5655ef2d243f7204d850b78a0f40ad5acfdabb518ddd909e74209ec69b307d11048eee97885023ba3dc0385cd9fca68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
90e17017bd7e937f11d7c62d12221310

SHA1
b3623ae0797cc91bb5c2e56a11af5437fe90ee60

SHA256
0ecc82945314bc76d317b84d7976ee81c24b2e50dd5811d9ef94b0914876e61c

SHA512
712aa9fbae11dad8e7e5c6c8658babe8db9a6c58917a473a464eee95ff4ce8ece4f28a96117640031f04afb954c6c02067ee04267a9af51c9bf06006e850b54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e5088e6082c3fb9afb840f67dc392b67

SHA1
55e16511a7cf4e08993a3581043c77d384fe1986

SHA256
9fc4bd3211f6cd53947030b3e3fc5982b8c44ff9738a2be24a43ed4026dcb519

SHA512
9de17afeb6e79b7cb4f9cfc3522d4d6b1a00a2563f6974f2ef90002c559bbb10da4f053293357177610f3fde29a79a4cab1d3d2a339ce1e770a27607b1087300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
ad18f708d3b43d83462a667fda6a1251

SHA1
ac5e541df5ea864b1ab76f5f1c8263a0c6f7363f

SHA256
bb75ec54598ac8e0c0900188c60e116d27d2aedb9648f878743def95ccd43510

SHA512
3bc362c01f05171b5ffdfba9ddca7636af8f0af0c926dc1e704dcb21611dcb68a9e87ff249f9f34a66bd40c2d8dd22daccd5aac67df092b193d312e693a7fca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
eeaa25e5a04c3835f926b53f825d81ce

SHA1
e0c865d9007d440af29abde78ba50dff4235d09d

SHA256
633aa0f4bd0124e5eac3d053bf8310eafdfdee3ddebbd53867c31cfc50602210

SHA512
e90bcfc8759b2d41581f1f3273827bb823d6d5a836ce3abb2324d2debd61672496651939ccc8c862fc6a0e2fccacb8a42a0ea9aa68f045543ac780a1b2a2cdf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
65c4e17087ace41dc4b4c81d3a2a16ba

SHA1
261c97116ac4f7cb224c774d39c4357d7817a752

SHA256
f7a544d10bedb24e11d56252ffcb257d784e29f252b4d9dcbed1f43aa698c40d

SHA512
d194346c28a819260f7ee219bc82fb946fa880b276aacf30cf38624b3f8cfdba389b6e6e605616ec2e4dfc3feb4e1aa8a7f8bf76641e80b4e456ef8492830909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fdd0d821d716df8f437edf59c2e207e5

SHA1
8c746a0b0b5f1f5198699278227d6206ac91d3a1

SHA256
f8d5cf8e039ab0c2759e00817fa37d8204134cf18acbfbfa8e5577ee519753c2

SHA512
12698ad03246bbd2f6afce74c62db606e1828e38a81d78b20cbb0cf4f262a67a0e3ab23cc3507b996ca2a99703772ac5989fd42175f93e5a5b604c3518bacbf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
96035b1d91e1338606d84def0ae4a0b2

SHA1
7b96458439e60b4049cc9d96e9e4b53a3142cede

SHA256
a5dadbb786e7bf4ca7c2d1251b9ccca860cf4d1f4f6bb46e9e502c1ba6778cdf

SHA512
d28e6c7435bf609eff17ea619a82623b55d21fa05a8740e0c771cc64015cbbcbec76dd72fa988443fc02aa4420dce04189ad776f246ca2814b7cb94fcd9e0312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
6eec223d5f97a381277b77d46d89209e

SHA1
1bb55db804677c1a6059d49a973effde52d0a2ca

SHA256
d0b56d4a56749ebedcc597cb6f74beb5205703fb224f95cea0185cfd9abb9d5b

SHA512
1865fe992ef7997dd8442d5b1e9d466a410183d8e9c033610f64c8ab44fe298c1155ad6182b7d28962c55cf44aec78f96e38fd535f82dfc5eb8001ec52119bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
27f4ae3c80561f52f5864d409de87dee

SHA1
c626bd6372238f450a0ee8f1fb7d64b6e7e10ddd

SHA256
493c3dcd54c4bba9a06d92d0199a9d1af7305a208bf162a8d1abd31ed1990e2a

SHA512
753fa51aeea08a9629f80fbb512088c0c1d72720fee13126713ca59834b0822faa4872335a30ade582474de8865bd36fa25f03b1ce8d5637fb0d1a21c9b5ded9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
68a179f21459da15195ae2e66d6d1686

SHA1
09889ce0268624a9c9096e6cf16ca38bfc242ea6

SHA256
25f3a11529bae69b4ea554d58f10da0100fb3034924aa95ce90c5924068937cf

SHA512
ee8a6001ba8bb2d297e1bd27e308eeec58b4af4496c333539c29b80a2a564b64dbebb68810dade680ab7900125f706954f39b423d3e37cc2ca0d8753f0c005b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
56d17de9cd9aebcc75f30a97191d8531

SHA1
0360312893bde071b827788a1502ed0b4a896167

SHA256
191b9e6f7480a75f92cfd628f4b40bbd52a183e0cc86f408200899e8e6af2410

SHA512
70146e348d0e390f3566356dd76092ff1128eea1787849a6a8bc5193334c7735e0aa920b889354339a58a7b8c8cacecc0694f89db00116b728f9b0edd49dfc46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b62f03c17c11c30ad035a4e8f7edcc46

SHA1
58aa3c30336b4591f35a6390da339206656e3b3a

SHA256
ac3a23c1a4dfc646f961fb3491e5d1dc2e6d58e03eeec639cdc95918e28227ee

SHA512
9bc1b723f2bd7ec2eeb00820d18e92ce4bcb53faeac5e627ad31de82eb2fca8b049256415b66aa5a560cd208675b656f4396f28d883a52f06de6dbddb4da39dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
2d246aea63ad9e2f8b789820f5970a9d

SHA1
8838d3f5fd12c96c5a7682ca1852158bb6cbbc2e

SHA256
f8ea4ffb5f0240be66833e8e47def696ce6663c43135655fd8adc594e00fb60f

SHA512
879077799ffebad14b843791828c545b9e01286d051cc246aad57717edefbb3175dcafdaaf61e71bda2a3c5083b9919767e506e2a6fe360cf421f87964ffeb33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ee89641c1556d52b1cc4abccfedb6d0f

SHA1
00dd84550ada708f67a62c5e56fa36ef2f296a7e

SHA256
2611d4fc2b5205c1acc7b1b8d875cf409a4a8d359be5c90ceea004bf5c3f1e31

SHA512
22e48b04c7525571a993f6e084271ca083d585f8d2aafcaa2db757f60bb757efc2f43e16f52fc468c6106984f48f47e40a24c8b32f10c57a8b88bf2bd070fd44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
068392babd56b0aaf774f798d729de23

SHA1
d6e787ad1771b74815c5cc7c3b44105351a4e418

SHA256
d4fb97002699e9fbf3ed92e2fa5b06871f50fd47e43b3b56510c9fe906dc8e88

SHA512
b96b916c09513e991886410d1dfe0bdc35bf0d92827bce0cfc08b2b4b499d6457d51431f591523ff51b7c33ee10847c69941c8c632d20335043265ee808b746c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
6c602f1f7ac8e10a8b4fd7f1a8dd6599

SHA1
dcc417891c210f6e44b5af5d91522fbbbea7248f

SHA256
636fdf089156f8933e97b8c63f2365ea335aa8f31a52019a93de4f9bdca39ada

SHA512
1a2e29a8d4c72c2d8ef50c51648081914a3aefcf10cb0ee60bb1038c7c16cb927365a01f7e061a3995a1fd73e0be624b2cbb113bf1309d3159a6d0d770d65f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
cb5b85be414b01c285a695b89606e228

SHA1
8ad0bea72010671a4c970f7261232b090014179c

SHA256
19a7052e778723e6328bb03ad0a7a8e9e5b7c237dc1c3a99091af5a8ddf3c3a9

SHA512
c5eb59bce70b39b233f02fa6f07d846219dc2dc3e49d04ea8a180457ad3c13832149298ae5e77bb849fc3eb104509358f822a59e687ab284991fb6348ca8f89c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
52c256a0fdb83270694a2d4c81d34589

SHA1
b121eed775b2a91f304f8eaec0661b9d66c9b620

SHA256
cb995c4124a3f0fbf1d372b8210587ea426424171e7f857da1ebaac79164b709

SHA512
cdc17704d2f988217751331b388cd7cebdebe84f5631cfab529c616bd2a5ad34f064c03c1c595b4c57b02ba9a2f804e9f4a00fbe965d73690b9dfa7813682e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1f921ef11c2c7dedc248eb27c79f6783

SHA1
44bf76095edcca660d19a92d0b81a382978a62c8

SHA256
4207f2352c7cbd425eeefc0b42fe9cde0a36a350307e65ff6dd00ab86df47430

SHA512
032a26ae2d5772c115be7766f02440ed9e94de894dbf4ecedbedab66dcfe4005a8ed2ce7b52e8d2581d3642a285ca215c980ebd8022b81ddbaba3226a7db572f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d4944fedd97905eebce3070d54dd286b

SHA1
adc8549740dfe026a3089443d4e366c235412828

SHA256
efebe12d22a09a59662c68e5f6a0a2e83ddf246147b9b1c9920036a0735df0ec

SHA512
73c87df8140bb872b2893d8ceaf34d3a8c1d490590c94fe65d435a3b147c5284023e3d6eb721aee9a7523ad0136bf24253e1905e8e27d5f4d312056212d1c36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
97487478d651d64a5e19a6024f90b20d

SHA1
a1d24a6f3a3b596bf8cf97b9f7763f35c8fa1658

SHA256
26ca843866614a1aff76aa63a41d6162f99990fb45df50f7d7e47b40cc1c31aa

SHA512
57cfb073a8ce736d83ed0b6f21fa2c82bb40944a847568fbbd3f56dc5193213514cf4411975a1f29bb291375a8013af455a5bffa7d9d318ff823499bcd1d43c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
fe8e9817ce957202add3c4fae7639d33

SHA1
55374e77164a351be5bd498256b76bd57c53ea0b

SHA256
23fff3d84d88bae6c71ec42c4abeca99033f61f572ebc14a62be224e43638b46

SHA512
a475e4458aa947381ccffd7a60e3df864a06682edf036be84631d38f659fe6c3865be0fd806a4980f4ae25f0bd53fb7da7aebe1bd33aab6f43b30e0b241fb8bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7a145f9e94be1b071d644d2cba289c37

SHA1
6e592536a07a84c3c6c5a2faa9bce854c34e3317

SHA256
c9bab1cad458b10355dd550d9d1f8d9bb9dbf3cb9e0dea4b51485765c2792ede

SHA512
b4112ab5eb2160593f98dc5cd872d708c90161a296b081cc7c2f555c95463fbe0dc1ad4e1f22d075fb29d518d4fabbe922fd317da1e57316211b7866247436c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
68f3dc0d244da7e790490d3fe366204c

SHA1
7117a86f6676c171676a45b3da3f6f33b4f0bfac

SHA256
2fd5b645acc75c2cbd86a839f2cae8672f83172c2213e07fd6ded17f7870e0fd

SHA512
bfc5594a9f7e39a3b554e39d3eca719d29394bc678e9582f3c2f8f445dc3661094223bd50405f50f00f0e6790d26b12b92a9d9423b0a7e5489928b36e4798a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9408de5808ab2ae695be9fd81858dd08

SHA1
5af9bef40509b8363c9700a47e45b3205746a71d

SHA256
a2c92f7eec38329e80946d2927662f947194957b7de54081e6ca8cf36a47536d

SHA512
0936c511479e0c1034ec8fe477af3c2521a6996e445c56224b281bff327e6085332357ba09d084f1614185174599cfbfd89ce702ffb4e4b027cbc475f9f4d41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
c704a86c082e8b2a1c1364c94d0d9a78

SHA1
8203c90128731fc6b364d6ca2d616ca7ab4d9c8b

SHA256
3375010aba5f5551a479bdcc74255c93d437215032fd585750f6444be1994ffb

SHA512
57a62c484a4215a3c3c6bf0dfa77001cfebf3c28a6088e9bb5f222767dafd4cd22484dc9e3e934d57b4364c3959de3beaf02cd4a327598cb6787f7d9bd9fabb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
ae0fe07359ab3abaa87e961ffa1471a5

SHA1
319c541bbf672b3abb6bacbd7fb9b8653ba7a5fd

SHA256
a59b096d4d858da7f8227e2658ce6035d5fbab4fd0409851ce3ad481c3e0b862

SHA512
ea6c23f2f9fa15f0484e91c7cc8df32ab7b50fd4ccda02d15e763023f3bb5cd67207dba1f10eab599a2192373c9d9e0a4b5fd635e575813b5f7c26c6453f0fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
40d9162f9152aed2dcb481d6c2ec7885

SHA1
a3fd9e09e0fef6787b3412d0c56510ba899d4ae0

SHA256
a721e450d8219eb7ffba3db81268dc014ce1e048c8d32401d7e4e72297b9ef86

SHA512
527d15885efd65b469d3cb5eab1fceea4354a6219a124c91b3ec4a0151cc649226b50cc96e3be63dfbf8f63e74fef910d7121f29ece6f26f92a6d80e72728181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
c2cc7a8cc11e037088d5fef075f3aa7c

SHA1
55dfe98417502401841eafd34fa315e4ebc2b2bc

SHA256
c944052312ab89384f3211b313e381ee0c907f58a1c0da2a87065e1d730ef277

SHA512
bf747b981e1245aa0dce97e67c7781995e1e519edda5df5e137e9488367aec2543a7b335ac3f1b82bab5a34036be06e20c3647f5984646ecb703e58d822f4fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
95b3eeccaaa8be373ba80e817f8e932c

SHA1
4dc1400949329946e9a831318fd6d9f6161afb28

SHA256
32fcea9a0f515e4f679361eda883ca49a295f43a20511f18cec1b39062812e6f

SHA512
2ff61a3c05dc172228c5e291d435a98bc9594985985c7e7868b775827b3e2ecbc8e9e162b87d3b119925c481929d40c76030aaf7b9d2cff75a46c00bea9ab950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
129B

MD5
c2b311ab75e64c2d71088ef79cdbdeba

SHA1
320bde8b0ed0a03baad83c306762f9cfadff28d6

SHA256
36b4d6b85c37813937ea3756f430aa741ec9aff247db2c0a5a964563847226ea

SHA512
bfbb30029f79570b3b929272f7b9afc9dee696234f71fe0a83abdfd68bdb3efcc98963fd83840b25fc8189647e6f94e7ff5c44d907383c2613d2d36dcda0d491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aac15e43-eeb5-4426-bee5-2d44ded8427d.tmp
Filesize
6KB

MD5
db5d5871af95c6932632f73d953a24de

SHA1
41fe865a27470e9225aeea07170be630ebe08ee2

SHA256
7c88e21a424d0aa9a96db88c61475a6e2a4928f512ed8999648fd69b89ecc4e2

SHA512
85a7b02b03fbf68d2a8416ae24bb2ee82e6359b523cdc682412f07f7b0ef1823b10badc8793f58f5417e950ac23c0ce98b2fb956103bb1250ef1b628e251579f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c28f8f31-4400-4d72-b3a7-f0b89e02db11.tmp
Filesize
5KB

MD5
95b3eeccaaa8be373ba80e817f8e932c

SHA1
4dc1400949329946e9a831318fd6d9f6161afb28

SHA256
32fcea9a0f515e4f679361eda883ca49a295f43a20511f18cec1b39062812e6f

SHA512
2ff61a3c05dc172228c5e291d435a98bc9594985985c7e7868b775827b3e2ecbc8e9e162b87d3b119925c481929d40c76030aaf7b9d2cff75a46c00bea9ab950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d019145c-ce1c-426c-a98a-57b17f986e50.tmp
Filesize
4KB

MD5
3e60d9127056f6a26cee18a9d2605672

SHA1
d5a6de4e824d35a5b4aaf7b8fdc6072ede345a76

SHA256
f6a1b734503eae36777731df56d21de8f801168b048be3cb744375664f359ba2

SHA512
35bd0676ded2cae7ac0706a79aa5aad36256beffac03fb2c9465b197d70632d5be414da0b25defbc97ca7b7f121df15d8a4d80c7c02b8e83cb9057e5211b3734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
105KB

MD5
796164187737be760fd3cf6deca48613

SHA1
3aa825fbea168e1e92e5523b8e76e3bce2db33ce

SHA256
9929effb06b83b863415d639bf50160fd36d2f9dda3ba9bc6f71b0e860d8bce4

SHA512
bea504f73570372b0a92aa9c696b7f1406e80f4d3fc3f8bd062a57df5fb65efb7ca31f0dc420b0101a24a9de3fc6d12b8e3ba02f6fbe739afd5641158e57e534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
930c1f637339a75ed6d0a26d5e0cc858

SHA1
7092ccd3daef5db065044948976cab6504d27f9b

SHA256
c9f497f642f92a4c83050f394b376bc2ee7a1f677fec4d2702525b24230f82c7

SHA512
2d29539e88cbbabebe9012e514bc4f7dad0316facbc9dd59931bc293d82edfa876c97e5548b078e2ec90c534c9903fa95819fb19c03ed7fd1fffc9990e3c6193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
105KB

MD5
63608bdfd7ceb417f267586f4dc3906c

SHA1
c7e7bd5c8ef4dbce0cbc95b7639e8485a8fbddf8

SHA256
ceaeb2a8e3825d0ae7c12b069ce40b444161928516822e7b1a8ac58277784ea3

SHA512
65732ff0d267808d356f7b27c1b8377570db5456747cff989dfacfa9965333863fa100d2d6475b9317fe0009fb8cf5cbb0f904b8675df52f5d4ad57d9d4697b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
1f4a4d4d1fb878f0325e6ebb3d38b2a2

SHA1
852d7cf2e5a65b2170e74f1e6fe41576c9b1105f

SHA256
09fdbbda62846b198e5d800a01a3d21615bf369d29d7870312ee86f8b638c354

SHA512
b1f56bd6bffecbca6dd56ab573c3635ed34703824f92387cf9af4ece4d48318699f25d060dfda30604d7ca9d9c80f78fc2c02f6001fb4e584f852c856731ad8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c332272f-ae9e-451e-b3b2-d02071e8504f.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D33E1QE\BatchIncrement[3].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\PCClientBootstrapper[1].json
Filesize
2KB

MD5
4b220deaf4fd3370c2b7ddbb2a541549

SHA1
8a198376e29b37bac2837f8ccedc85a583738ca5

SHA256
d40df69638475cba8ea684bd7bf6bacba879cdcb8ed94dcfbda7ded17af5e2a3

SHA512
1d5f193f9fff2e3147dcdfe33914be803a26dd131bcc3c65b9c132f3c8bcaa0fa2cc81fa9efaed7b6374775a8aa7efd20d13065de483210865742b056759bfbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF0W5LQL\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25D1.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Filesize
40B

MD5
10935a0d560534dbebc3f58d4e67d451

SHA1
965a21d34c09c7f8afb559a648d8276b804d7f38

SHA256
ae3d0296eb5d2366464d06c5e8e12fa887b1430c899caba8a650c6d11552e8be

SHA512
f21fc1610bf5711eea12dc15d8aa299b38ebe04c2516e69f8cd91b059dc0971782edf1d488f660a252455a23f45d156408d9d29c26e462637557d4f539dd6706

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Filesize
40B

MD5
10935a0d560534dbebc3f58d4e67d451

SHA1
965a21d34c09c7f8afb559a648d8276b804d7f38

SHA256
ae3d0296eb5d2366464d06c5e8e12fa887b1430c899caba8a650c6d11552e8be

SHA512
f21fc1610bf5711eea12dc15d8aa299b38ebe04c2516e69f8cd91b059dc0971782edf1d488f660a252455a23f45d156408d9d29c26e462637557d4f539dd6706

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3AXARLID.txt
Filesize
68B

MD5
ca132574868fb7a4dd64784de3022a6b

SHA1
136638b877b075419e61d46a95b502cecd595701

SHA256
59f9fcc08c4f83fa157d844571c46f7e2a3d34a907bbdf800e6721338ae41af8

SHA512
00dedca469283748275b07179bb4267567c9132323afbb4e0914ddb61569011ede17a978eefd01f7696548376d8463080a432d1d7a2f8cc84f7461e03627d869

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\??\pipe\crashpad_1480_INESTBXYSJBCZXBW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
Filesize
58.0MB

MD5
cd199f81c3a2cbdbf8ede573d6c19013

SHA1
f0fb145f124ac1d299a34ca7efaf98eb946718e1

SHA256
87da9bc3377e4503712a5fa01f1b4560effd3908cf25257f9c639ea671b34a78

SHA512
f06dde6f9ea5bf11d876b117a33f46a8ae5a22ecdf8fc768af4d975b626661e89ca7a866585131b1c4289a2038e8bccd28dee13b570ab4c37e1eef7ee037b08d

Download Submit
\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
Filesize
58.0MB

MD5
cd199f81c3a2cbdbf8ede573d6c19013

SHA1
f0fb145f124ac1d299a34ca7efaf98eb946718e1

SHA256
87da9bc3377e4503712a5fa01f1b4560effd3908cf25257f9c639ea671b34a78

SHA512
f06dde6f9ea5bf11d876b117a33f46a8ae5a22ecdf8fc768af4d975b626661e89ca7a866585131b1c4289a2038e8bccd28dee13b570ab4c37e1eef7ee037b08d

Download Submit
\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
Filesize
58.0MB

MD5
cd199f81c3a2cbdbf8ede573d6c19013

SHA1
f0fb145f124ac1d299a34ca7efaf98eb946718e1

SHA256
87da9bc3377e4503712a5fa01f1b4560effd3908cf25257f9c639ea671b34a78

SHA512
f06dde6f9ea5bf11d876b117a33f46a8ae5a22ecdf8fc768af4d975b626661e89ca7a866585131b1c4289a2038e8bccd28dee13b570ab4c37e1eef7ee037b08d

Download Submit
\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerBeta.exe
Filesize
58.0MB

MD5
cd199f81c3a2cbdbf8ede573d6c19013

SHA1
f0fb145f124ac1d299a34ca7efaf98eb946718e1

SHA256
87da9bc3377e4503712a5fa01f1b4560effd3908cf25257f9c639ea671b34a78

SHA512
f06dde6f9ea5bf11d876b117a33f46a8ae5a22ecdf8fc768af4d975b626661e89ca7a866585131b1c4289a2038e8bccd28dee13b570ab4c37e1eef7ee037b08d

Download Submit
\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit

pid	process
2180	RobloxPlayerLauncher.exe
1952	RobloxPlayerLauncher.exe
2024	RobloxPlayerLauncher.exe
2304	RobloxPlayerLauncher.exe
3032	RobloxPlayerBeta.exe