b672e59bb345d12ebad37d174cfb2a581ddaa1626f1d52076696d5bdb1b3bdd6

Analysis

max time kernel
1800s
max time network
1809s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2023, 17:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerLauncher (1).exe
Size

2.0MB
MD5

ffe818bb675c441ae967cb0fb85b56d5
SHA1

d1ca6c9bff52d2249698919bc73462f2de2bb284
SHA256

b672e59bb345d12ebad37d174cfb2a581ddaa1626f1d52076696d5bdb1b3bdd6
SHA512

66e5590134d575af49c810979c35d6f6254226ec712e7413525b47bc15082aba904b9b475ce270586ed1f378e5efb5af5d8924f3e86451b44c96f70a59b65963
SSDEEP

49152:EZbE3RF3Qm9zVOfmTNtTMvapMagMTz+MPPMQ3dSK/T7ob60VWg:E5Ugm9YfmTw+ob5

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 5 IoCs

pid	Process
4776	RobloxPlayerLauncher.exe
4844	RobloxPlayerLauncher.exe
1548	RobloxPlayerLauncher.exe
2696	RobloxPlayerLauncher.exe
2980	RobloxPlayerBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\avatar\unification\CharacterEmulation.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ReactRoblox-9c8468d8-8a7220fd\React.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\RoduxFriends\Actions\RequestReceivedCountUpdated.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\ContactsList\Components\ContactsList\ContactsListMapDispatchToProps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\ContactsList\Components\ContactsListEntry\ContactsListEntry.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DataLoader\DataLoader\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\Debugger\Breakpoints\server.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\textures\ui\LuaChat\icons\ic-checkbox-on copy.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\TerrainTools\mtrl_sandstone_2022.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\BubbleChat\BlankBubble\BlankBubble.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxNetworking\RoduxNetworking\RoduxNetworking.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\Utils\useFetchContactImporterInfoOnce.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserLib\UserLib\Actions\AddUsers.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\Dev\Rhodium.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\avatar\heads\headP.mesh	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ViewSelector\right_hover.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-1.2.3\InstanceOf.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoactGamepad\React.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RobloxShared-edcba0e9-2.4.1\RobloxShared\RobloxInstance.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxAliases-64af4154-868f23dc\RoduxAliases\Actions\ReceivedCanShowUserAlias.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\SocialTabContext\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\AvatarEditorImages\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserSearch\UserSearch\Flags\getFFlagUserSearchContextualInfoUpdateUI.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\InspectMenu\ico_alert_tilt.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\mountClientApp\helpers\setUpConfigurationObjects.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestUtil-edcba0e9-3.2.1\JestUtil\formatTime.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.3.4\LuauPolyfill\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\avatar\compositing\CompositExtraSlot3.mesh	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\PlayerList\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Settings\Slider\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestCircus\JestCircus\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestCore\JestCore\collectHandles.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-90b08185\LuauPolyfill\Array\includes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-a406e214-4230f473\ReactReconciler\ReactFiberSuspenseComponent.new.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\User\getPresenceTextFromUser.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Timers\Timers\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\configs\DateTimeLocaleConfigs\es-es.json	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\TopBar\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ReactDevtoolsShared-a406e214-4230f473\ReactDevtoolsShared\devtools\views\Profiler\CommitTreeBuilder.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\Components\EventDescription.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\AvatarImporter\img_dark_RthroNarrow.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ApolloClientTesting\Jest.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\BubbleChat\Helpers\mockSettings.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestGlobals-edcba0e9-3.2.1\Expect.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-24c5c11f-f6df649b\RoduxFriends\Actions\FriendRequestCreated.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\RoduxFriends\Selectors\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RobloxAppLocales\RobloxAppLocales\Locales\ja-jp.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialPolicies\SocialPolicies\SharePolicies.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\installReducer\AutoCastCommands\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestReporters-edcba0e9-2.4.1\JestUtil.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\ContactsList\Components\ContactsEmptyList\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactUtils\RoactUtils\Hooks\RoactRodux\useDispatch.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SharedFlags\SharedFlags\GetFFlagHideConnectPageWebViewItemsForVR.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\Analytics\Navigation\BtnValues.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Controls\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Settings\Radial\Menu.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Settings\Radial\TopLeftSelected.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-24c5c11f-f6df649b\RoduxFriends\Reducers\FriendsReducer.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxGames-c69837d6-ca9547e2\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\Analytics\Navigation\EventStreamEventList.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\PYMKCarousel\PYMKCarousel\installReducer\Friends.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\LuaSocialLibrariesDeps\NetworkingCall.lua	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5272	1456	WerFault.exe	27

Checks processor information in registry 2 TTPs 44 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 48 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "4"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "10"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "18"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "23"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "31"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "3"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "7"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "17"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "27"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "25"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "26"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "12"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "20"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "22"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "30"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "33"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "6"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "11"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "14"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "21"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "28"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "32"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "9"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "8"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "13"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "15"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "16"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "19"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "24"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "5"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "29"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe

Modifies registry class 55 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{334ACDE4-8480-4F45-845E-2493BCBF86C3}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{478EB1A8-1D95-46A1-A6D0-5A550FF319D1}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{329728D9-9173-4F16-93C7-E4F5A399C090}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
4776	RobloxPlayerLauncher.exe
2980	RobloxPlayerBeta.exe
2980	RobloxPlayerBeta.exe
2980	RobloxPlayerBeta.exe
2980	RobloxPlayerBeta.exe
2980	RobloxPlayerBeta.exe
2980	RobloxPlayerBeta.exe
5800	msedge.exe
5800	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2980	RobloxPlayerBeta.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	636	firefox.exe
Token: SeDebugPrivilege	636	firefox.exe
Token: SeDebugPrivilege	636	firefox.exe
Token: SeDebugPrivilege	636	firefox.exe
Token: SeDebugPrivilege	636	firefox.exe
Token: 33	4900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4900	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
5364	msedge.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
636	firefox.exe
636	firefox.exe
636	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
2980	RobloxPlayerBeta.exe
2980	RobloxPlayerBeta.exe
448	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 1100 wrote to memory of 636	1100	firefox.exe	87
PID 636 wrote to memory of 5064	636	firefox.exe	90
PID 636 wrote to memory of 5064	636	firefox.exe	90
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 1428	636	firefox.exe	91
PID 636 wrote to memory of 5076	636	firefox.exe	93
PID 636 wrote to memory of 5076	636	firefox.exe	93
PID 636 wrote to memory of 5076	636	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe"
1⤵
- Checks computer location settings
- Checks whether UAC is enabled
PID:432
- C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=1c1d562e2b76ffbba00795ff3ab1415e381b3d0d --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=0 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5a4,0x5d4,0x604,0x5a0,0x5b0,0x63f810,0x63f820,0x63f830
  2⤵
  PID:5676
- C:\Users\Admin\AppData\Local\Temp\RBX-472BD883\RobloxPlayerLauncher.exe
  "C:\Users\Admin\AppData\Local\Temp\RBX-472BD883\RobloxPlayerLauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- - C:\Users\Admin\AppData\Local\Temp\RBX-472BD883\RobloxPlayerLauncher.exe
    C:\Users\Admin\AppData\Local\Temp\RBX-472BD883\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x730,0x734,0x738,0x698,0x740,0x62b480,0x62b490,0x62b4a0
    3⤵
    - Executes dropped EXE
    PID:4844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.0.328779889\2062372787" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a15d6e8-86ea-4a01-b6ec-ee37d2c2bc01} 636 "\\.\pipe\gecko-crash-server-pipe.636" 1916 144e9416558 gpu
    3⤵
    PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.1.1167484492\574397813" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb3dc3b2-179b-42a6-a65d-ac53524e3a77} 636 "\\.\pipe\gecko-crash-server-pipe.636" 2316 144db471958 socket
    3⤵
    - Checks processor information in registry
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.2.39242417\30257987" -childID 1 -isForBrowser -prefsHandle 3376 -prefMapHandle 3372 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c5d3472-14e5-4213-a54b-fbc7f2766dbb} 636 "\\.\pipe\gecko-crash-server-pipe.636" 3384 144ec12e258 tab
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.3.1091510206\872750917" -childID 2 -isForBrowser -prefsHandle 2924 -prefMapHandle 3308 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff5011c2-94fe-433b-9a05-9a9d3c025fe9} 636 "\\.\pipe\gecko-crash-server-pipe.636" 1272 144ecf24058 tab
    3⤵
    PID:3196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.4.464461317\1200813522" -childID 3 -isForBrowser -prefsHandle 3788 -prefMapHandle 3680 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {518db84c-072a-4516-986e-6497ce6426d2} 636 "\\.\pipe\gecko-crash-server-pipe.636" 3796 144db461f58 tab
    3⤵
    PID:3992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.5.1303101899\1140298704" -childID 4 -isForBrowser -prefsHandle 4720 -prefMapHandle 4772 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6b65d45-cdd7-4b4a-b568-cb71cc7732b6} 636 "\\.\pipe\gecko-crash-server-pipe.636" 4860 144ee441458 tab
    3⤵
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.7.1391552328\365144972" -childID 6 -isForBrowser -prefsHandle 4948 -prefMapHandle 4980 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {248785c5-6c2f-4f96-b2a0-df8d6fce7be1} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5132 144ee442058 tab
    3⤵
    PID:4320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.6.2069398638\186072492" -childID 5 -isForBrowser -prefsHandle 4988 -prefMapHandle 4992 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {870c1a91-d72b-4e29-8963-0070eb8451b8} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5092 144ee440258 tab
    3⤵
    PID:4844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.8.2064425194\205285130" -childID 7 -isForBrowser -prefsHandle 5788 -prefMapHandle 5784 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0a32c43-4623-4def-83dc-1a075ab2ea12} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5796 144eddd6558 tab
    3⤵
    PID:5796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.9.901702772\1436998830" -childID 8 -isForBrowser -prefsHandle 5948 -prefMapHandle 5720 -prefsLen 26755 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e0aada1-1d46-422a-9a5e-4a5fff983a22} 636 "\\.\pipe\gecko-crash-server-pipe.636" 3532 144ef9a1358 tab
    3⤵
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.10.386618984\111042440" -childID 9 -isForBrowser -prefsHandle 6012 -prefMapHandle 3768 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55942682-adb9-40fc-bfba-af2f8df14a60} 636 "\\.\pipe\gecko-crash-server-pipe.636" 6004 144db46df58 tab
    3⤵
    PID:4968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.11.2097595314\495920572" -childID 10 -isForBrowser -prefsHandle 4720 -prefMapHandle 5024 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e29a075-b396-4d5c-94fc-389042277c0b} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5260 144ee443858 tab
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.12.1568138309\1807484179" -childID 11 -isForBrowser -prefsHandle 9252 -prefMapHandle 9256 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5189117-b810-47ed-b40b-04379d781d5e} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5320 144ee214e58 tab
    3⤵
    PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.13.418418831\1877389330" -parentBuildID 20221007134813 -prefsHandle 9632 -prefMapHandle 9644 -prefsLen 27195 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66bfcc7e-7062-43c7-b237-52f7c84c4292} 636 "\\.\pipe\gecko-crash-server-pipe.636" 9268 144db42de58 rdd
    3⤵
    PID:4924

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 1456 -ip 1456
1⤵
PID:5340

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1456 -s 1768
1⤵
- Program crash
PID:5272

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:asZXdhX7Iqk3ZFk9rMIalaGvAOV5Ibrg-kfW7SUaoGUJGik0Gm237q_cZSL5hjLYwN2kVEzIQp7RXwg66fiezWuFYFUZ2_pNPkSWYUNxwDWWKKy9UVbb5C58l4VCsGuHBklla8ALAibHpvBFtzsVhNxMRiIluBUhL47g18mdTx7dre1u0IKhVPmCKlQvVwa_v-zN044tkrOk8ITQHL0NbNn4zZPdHhU6BFWkaQ4DWI4+launchtime:1680376333455+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167749394419%26placeId%3D6048573718%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D98420cab-75ac-450f-8759-6bb1a47e0cee%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167749394419+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
1⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:1548
- C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6f0,0x6f4,0x710,0x68c,0x718,0x135b480,0x135b490,0x135b4a0
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe" --app -t asZXdhX7Iqk3ZFk9rMIalaGvAOV5Ibrg-kfW7SUaoGUJGik0Gm237q_cZSL5hjLYwN2kVEzIQp7RXwg66fiezWuFYFUZ2_pNPkSWYUNxwDWWKKy9UVbb5C58l4VCsGuHBklla8ALAibHpvBFtzsVhNxMRiIluBUhL47g18mdTx7dre1u0IKhVPmCKlQvVwa_v-zN044tkrOk8ITQHL0NbNn4zZPdHhU6BFWkaQ4DWI4 -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167749394419&placeId=6048573718&isPlayTogetherGame=false&joinAttemptId=98420cab-75ac-450f-8759-6bb1a47e0cee&joinAttemptOrigin=PlayButton -b 167749394419 --launchtime=1680376333455 --rloc en_us --gloc en_us
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4900

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:5748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:448

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:2288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5420

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5076

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault97f89c42h8b7dh41bbhbcabhe05e626d4f06
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xfc,0x7ffda6aa46f8,0x7ffda6aa4708,0x7ffda6aa4718
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4063168830950063781,16321093042263506012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4063168830950063781,16321093042263506012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4063168830950063781,16321093042263506012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 /prefetch:8
  2⤵
  PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1876

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:2512

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:880

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5940

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:2860

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4932

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3964

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5176

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5300

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3864

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:2112

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4244

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5532

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3748

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:2748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\AppSettings.xml

Filesize
149B

MD5
48f58abeaac832f838efd2beb25f4c90

SHA1
7878e28b62e5d9bc9042a3e44094e39668f03384

SHA256
893a58e7946728c9dd5caac10e5bdc306a465e406c1f979ded52a13dafebce2d

SHA512
c5e3025b63eead12a0f8192ea41afd1216dd87b14a07d22ebafc6d3d899a06e80da947b3fcd1b3f2cf53b89b3de9967f89c415394d66c277556373b620dc827e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
2KB

MD5
d1ab3747155412de9b60ee300f21c3c8

SHA1
c1e501382730296ab61cbcbf1a7a487a0af6643a

SHA256
5f442d68b1a0ad8c25ac5bd2ee1ebd985c5ea2059d797e10f8c8c7139b101dc6

SHA512
c4c7c7885dfb02a3dcecb3ec2b6a13eae6348b5758493d80f84f01894a7e7edef910d61d3f17d19eba9340f94beccb3d0d8a4006cfe27534b657c9bf399ec30a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
1KB

MD5
9bf77ce85a5a981d86a0f7a4672ba22b

SHA1
62fb7e9f8b763de11a63a156c847e7df4dde7fad

SHA256
44ed3a7243fe9995a4439683d11971670eb00101c3832ad30db5242560b2b354

SHA512
2ead42546c80b3dbb87ac93f1324c85fc0bfed5a7c51a1217993c18d43886a9e7580a80ba9a2b6ec4c7eefd23d274fce561845ab508b427afc906ad594f58e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701

Filesize
472B

MD5
a13b7596e70475bcf2a1c64793fc178d

SHA1
069f5003f5ca50fa14ec184d7df22071352e8b6a

SHA256
c91bb1c9e5e72fae0d71cdeeef74d28d5951d2864da4503c189782305b03f295

SHA512
bcddc1a4e6179182fe214a481b93650c95405415e41419d7a138d8420be3aacb5c9a94b94ebdfe391e7464a9e86c947611474d42ac229d1bc761c7d1a347ff21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
6a3b8331e801f083b403b0857ed8d574

SHA1
48d275731f1dbd0630d1ca55a1b05f149a011d1f

SHA256
98651a2da4a4613bc2a03c4128926fe6b05f1af8a7a21e1fedec75db013706a0

SHA512
7527b8857707c8822e4b7f5049ddc9b4c49933e68535690746d84b7f0187a10f36e874719bdb1bf3ba8b035568a7cbafd687b80c4621dc35552d73f7e497071d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
d1bacd6c41c109c7b868f76aeb24db93

SHA1
fbad0d4fe6ef4b7d27b5d56d7ce167cf190726ea

SHA256
a12c36f7c4c4f34421d27e99c410bd281f018137c985dc19012ed99014324a1e

SHA512
195a59bfced297364c73c3f1a5f43e955b65ae9d0ba1c1cb4d703bfa95c59be6f13e7509978e0ab03755b82a64a9d804199dc6d92a75e7e2b23ddb3b1d31a634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
84b1f477c90dbeb15a36b2ccac368a13

SHA1
98258bc6548a59dbdbf2baedc3a8ba94140c7d57

SHA256
00af63b52d5ab007911925c905af313aefb5f6b61e8dfd17bed35abf8b0786ef

SHA512
ab277579fb932eb95fb2b84ec4e8c12aecc196113e24d6cea3a7d182af20266a8997dd55ccf878c8e65332ae081635e8420da84fe13b2908087e8c46054ccc8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
0cc22a011ccaaebc8d6e46ebb016a84e

SHA1
0ef4e417095e7a31d5a6d24fd9b098886185f274

SHA256
308735064ff38c7fd32d09fa073f491b50d25b2dcf542a66d59b5adf5e64944d

SHA512
4f44bc1d97d34c12a603dfe12ec4317d6509e725a82ba9b94212687acd45e838d9d0c0b3b52ae23d927a173876eea6d84abe1c6df96b6ae96170488967933caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
488B

MD5
c34af3796b40f056e01b825b5a7ef32c

SHA1
050fce18bc8356feaa258237142366680072afce

SHA256
856ca4a97f6d4ae1c63aa3bc3eb8f2d4d630e83ff94766a8b98d74f9b89fa563

SHA512
eb0107e80b899ce95f4e297ecd6bffbb2878ad531600831abd5247d6560833532f5b39c9d2c7252461873c78a1c55e1a51f6af0a75d7a19ca92b069dfa4dc40f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
46b836ac2ac4b658de1ee534defb7361

SHA1
61270c9fe69a95d4d920919736be57da04dcf94c

SHA256
f270572bc3bbfeb083ab522a86e1f1c3c358c251c38116da0fb5edc9d2406d28

SHA512
6a21af5308161e8d5633efa7ffae0a7a375867aa3995c3231826663b6de5f26c6ffbf5b2adbdde3d0b10933d2b9e773bc204f6e201e7c8eceded8c9f08c8737f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701

Filesize
496B

MD5
6393105c95dce12dd6dcff02ffda5247

SHA1
8aa974063e9bf67ab3627ecab3844ba03eec3a9b

SHA256
55fcf5b466a4365e43157b6fee8b21ed578df2d282697708598d65af5cac869f

SHA512
949f522979738d07f7ce7e3e318f77fd869c5c8a7b33edf81dfa80f98b69d7a2d9e94e7d4a614431e0db0b8430282f5be36ebf91794437116ec0b9938560826e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
2ce85793c2c4d0d2dc27a8522304835c

SHA1
1190cec9352e94e9969be206a3d6e912929479f3

SHA256
bfa333fd4f0e64ac4568c935d85b98ecf038f737643352732c1c4198ef3a6cb3

SHA512
1fbf120917362852a1dcb2188aba206583e2952c8f446ab21f9e7771b2ef819946f9a3c1b5f271d841f711fc113c0c614fae293e9848d51ebbf1ba403fd2c2ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
662d465595f889fbe3c2f72de2a43f08

SHA1
c2ed125e60375e255e28bbaf7e736a9032faddf6

SHA256
d1f3fb57eaee2bb0615278efb2ba343ad12010d3fe883f3138784851ba832f50

SHA512
25d4fb1f40b9e9059899374dccc32d00630a2c70c10963d10c5d5a7128bd6b85ee4a0ac5f6a8931e72447e1dff1aad8fe59ad6c4bcd63e0c0ba67aee54284bb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
404B

MD5
effbeee6ff4f0ef5d78ec316b269a4de

SHA1
9a8fd81eb211b4c00eca095b6adb74822d929f25

SHA256
84f982fcd8502f2d1992ca513cb717af9d6cf6aa71bfa94f9dffe9c8e2f1319f

SHA512
635f4f9acf57f16c0ac32acdc4ed0d4c06245a6049f4703c2d80bbcdafba4a97048cd35eedcbc67e9aebf0e92db4cbecc7d40aef8a03178521faed1380dacdc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
f5c70d5f08a53528dc7dcdc4449863e6

SHA1
273c8d399eba813dc4fa4b451d4226383534313a

SHA256
aa8f95dcc2968c722ff815ef6894afca92b82888c9604a08e76467267b5bd080

SHA512
90be69913a6ea859da750b7b84223ee29f87710976c01afa0a6c114e7aa922afd9fc3f84033873599d2ba34c13011f99802a1760dc9f3bec0d2864ef754d6c08

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx

Filesize
176B

MD5
288cc168b89319cc823e0cea7d5574d9

SHA1
fe4328d752864dc8a4e0cf10e7100c2648e07d6b

SHA256
c364dd9d642305dd06a1cbce78c08490c58695436278d175f8119f7d31db69f3

SHA512
eb61d0d216c8b10da19914568250dfe3a97faeefe2b48dfba70529dde86ba65b35d58b656e069ddf3f896fcf48221741b3d3d38d7c1222df8b946551a4b55e84

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx

Filesize
256B

MD5
75fac122472d549925204d891c18cb26

SHA1
306ccf14ffe89b0a8a4fee2b54dd4c9c87a7eec3

SHA256
f8b3244514fb79bfe9b3455984e132a7c810b0fa9bda8123c9a79ea59491b636

SHA512
5152f7e8cd2eebd70fb3436d74dc410a768984af77b6e9dbc94643665accd8838c811587afa74d0735da172875392bfd318ce0575a1be49dded7a2f8ff340802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
f86c21be8d271680aac8e9894a2069d1

SHA1
57520686454236954a0d792f68480d4c27f94f58

SHA256
595dae128c1c916eefdb5427794ec9771c9a4aa5eeb74357dbab93068655a0e5

SHA512
c6228a38e53a6c99f4e6b43b9887709e203cde8fbefa5b649ab214304156ce3f8eb6686d979af4d414ed8e1a517205a991a2fc3ced8a4407ba17253d55ca69d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
3KB

MD5
47c7274dc2db840f9e33fd1c02c81fbd

SHA1
575fff5408f68f77a4c1fd410b41be0fe9ca474c

SHA256
5df57650f4d8a50febf4c25c4a451cbabbeb2bf3cf6525d02c885d32aa7dcfc0

SHA512
ff6c42a63b5b878450801f9832d1ba590daef8fc48a46a0e95360e6d74a44f39fb661de4b03755d1dd87a37c0ad5ef049d2c9b49bc00c3aff105f2397ad5a684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
0690d4492a705b944ced1c5b4a50257b

SHA1
b62f93ee062879400a90405b09df3895c4f21646

SHA256
89cb680e6121db3336ca16db66c22e5c165dfc1b5b1b75ae8ec8015115791c98

SHA512
c71d484fac93c21b47e9d82ebda8a7c282bfdd1088d5a536db123eee7dc8ffd47c974d6382ed20727924507d8094407ceeed9033107b7e129a749b891fc204b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\BatchIncrement[1].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\WindowsPlayer[1].json

Filesize
119B

MD5
efd3cb52d253121d226d4993f3a53fd0

SHA1
066779a7678c6134132c56f9c0e64cb5423711b0

SHA256
d49f693ce8ccf0d4cf1704efe4b60fdec4ef93b455ea6da3fef2d83b6151a458

SHA512
b49042157eb0c5f3024b14093cd9e626992ab59446b67f680d5bc5c6be586df406caecaaa9b33ac3cdd1585f54c68d4fd3fa81227ea86fb5fbfb44fd66779ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\WindowsPlayer[2].json

Filesize
119B

MD5
efd3cb52d253121d226d4993f3a53fd0

SHA1
066779a7678c6134132c56f9c0e64cb5423711b0

SHA256
d49f693ce8ccf0d4cf1704efe4b60fdec4ef93b455ea6da3fef2d83b6151a458

SHA512
b49042157eb0c5f3024b14093cd9e626992ab59446b67f680d5bc5c6be586df406caecaaa9b33ac3cdd1585f54c68d4fd3fa81227ea86fb5fbfb44fd66779ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\WindowsPlayer[2].json

Filesize
119B

MD5
efd3cb52d253121d226d4993f3a53fd0

SHA1
066779a7678c6134132c56f9c0e64cb5423711b0

SHA256
d49f693ce8ccf0d4cf1704efe4b60fdec4ef93b455ea6da3fef2d83b6151a458

SHA512
b49042157eb0c5f3024b14093cd9e626992ab59446b67f680d5bc5c6be586df406caecaaa9b33ac3cdd1585f54c68d4fd3fa81227ea86fb5fbfb44fd66779ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\PCClientBootstrapper[1].json

Filesize
2KB

MD5
011de36b0efa683882229ecae9b55afd

SHA1
4b437507fb2643fb90fb24d563a64a79cbc84fcd

SHA256
fab50d3c82cab58eabbd914934f8bd56b1d0f270be25c31e29a6c9a92ca42425

SHA512
e04341afe5fd8ed422f5a3aa1386722bea872f49d7c951877d56e38e6db4c549a42156c2b09cf75f7e7ecf66353c5f894b89306046dd16c2f435dd6d5da84e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\version-b7209bbd7dd04d17-rbxPkgManifest[1].txt

Filesize
1KB

MD5
6a76995bb8f090b20d63fd98a90884fc

SHA1
4ef78b8f6eb7de744daa63f4c3a82c6ae7effe99

SHA256
4275e195a052b3bf28171cefe452b546e46c16e29beed80475a2014bcca35ff8

SHA512
007774f48cf807d86668e84f86b870090237f5edc9b67a6256e1b3cca1c1138ea7aacda0e05baaa4e4e8d67df738de33aedc123611255d03f487653a9a086811

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
152KB

MD5
dd0eabf9451eed277935192a8467455a

SHA1
9cc0e34035bf53279d37145c99dedf7b121da7af

SHA256
915d568bb3f34a6c73fce375d6bbdc4c7c4dbd8493be378aa46d70480d8d3e5f

SHA512
ef36c0fa86dcba2bc91cc6f93df0833a8159a2c5fd39aeb279e0413b11779c1db2ce9ea6b6092f933d13b5fce78504b6087b7732380dace1d1fdd25d084b5761

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10043

Filesize
11KB

MD5
497cedbb7d552684043f445454c3a1b6

SHA1
14cdd42397c60dac09594302b04e012ef26a16f4

SHA256
1ffeabd3f17e64cba5c188ace4778fe73201687815f21ef00e721d466b2f53c5

SHA512
5eae2b867c6f6fcd6e5177ad81a7b613750afb00b60bcd0d72590696b59b600247176ebfaf5c9f60a8daf4c17054c0fb15fcc027f6bb555e253507b8bf8edac0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10400

Filesize
13KB

MD5
509945e56666e21aa069e80b3219c808

SHA1
73879143303550c27a2fbda8d5ed0b302303d4d1

SHA256
eb34c1bc00f3327a62a8be31ef62a2ce822ecf9f7b358de183c2a73ad6ef5bfe

SHA512
8908ab7efdeeff95ca244d0f67c8f0ddae63b8603a3b8e53f4983572df57af7009f4b97d6f6f674589b563309e3c6c5815985733891f9cf8c2c72feabbeabf32

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10697

Filesize
10KB

MD5
00b891d7ec07474c36219b60fd5acf8f

SHA1
f9ae6cb75be21b0f5cf6215a25493e2c68247bf9

SHA256
207b0d87a2be2d2b623e5d8791e2033a0e1caacb1db5124054721ad4fce929c1

SHA512
75dd0c7fdb88810c65f08faf9cb4117ca79b8f02eb54fb731d0d8cad7e55fc39a4fee0037b0c6d7c971bd918740537f6671710ce43a33db699708d110cd790a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\12094

Filesize
16KB

MD5
f2f2cedb810f34896c88d498613318b1

SHA1
f97351d7a347affcd2df757033087d35b1657a55

SHA256
d2dbcafa4e83ee5cdd0263d72a39cbe19b4adae1b97627ea7d37fc642d292c5e

SHA512
d0ac8c7193bcb9da512fae618e5adf3406be336c142aa92efd474c2d5fbf6faf6e227a9e259b233471b1bc9bd2c1a04f0e82014ee1987752027976c78dee2ae8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\12807

Filesize
15KB

MD5
946ece1565627d27f1923238ee9f56c6

SHA1
e14c9f6c40ae684ea0a752632023edc09bc17f9b

SHA256
8f400b4caea6065a5ebf1fab47db7154cd7b71a2ee85630d793ee509cbfc39c3

SHA512
fe56cfa369489e0183cd0227b802648ffe5289045efc30e17252e5f2590c215b44f84fdb5f7b77fbfd4036f90275413c0f8e60fda1f1bb83e1e107ed0c610a07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\14319

Filesize
10KB

MD5
cff92aaff0603f9c2631387a5cfc40fe

SHA1
1d821e775aeeb79d53a753de0d573b92c293af24

SHA256
fefcdc559245b9fad834689a13407f39b2f5176110c7ff26108b9a7cb2e855a4

SHA512
cad4025356dffe0368c99fc218785a216ca8cd3496b2e05e5b2a2e15b8d2abd71b1c5aaf76c8122492316cac2f9165c104c23977e524c1a042e9d577b90719c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15321

Filesize
11KB

MD5
a2e424aa686eb6c34ccfd45a8a789e10

SHA1
96cbe4a1621f857ae1988777ba516b0a758a48c0

SHA256
eec20ea33ece23b7f98556c8728cd2ea40f15ce45d8131302015e296326fbf2a

SHA512
50098f114804abddf041fc8a2b657da4d3d413637ff418aa056345435101416da47af9a9f764213434210c813a3529c6ae819bf71c18cd96c3f7018ee8f641fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15344

Filesize
10KB

MD5
cd52691886a07d39cc1da5c8cd1cc349

SHA1
fbe5a4460342a5de6d3c460c078b696f7e0fabab

SHA256
1c772a2fdaad25c0b4752c7811d9fb9226c11821f0c2d1edfb06f2bba23c2455

SHA512
b81db0d715c6dfb533218589be7239c51a1bf2b52344680bf66d70d4ce26356e86f329729298b5e71999d241b9e0e1269bf94d886c742aa3fb518be07a31f929

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15557

Filesize
14KB

MD5
6738652a8185909fa33ed1ef16b2c66f

SHA1
9ea962223d89481404d19a026a474f80d5c72a1d

SHA256
8525d1b9078299caf9d4bbeb66c978d673a887f69d05e129df841fcaa9cdc4a7

SHA512
085c5ef78a6f96c2c98fcb8b0bd525193db49de02a7fd2cb5ae3a8b276c7febb6da4c996bbaa8f980ed3e0aeb7208fa7151f96fef4f91ed894e5c4c60c0b20a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16462

Filesize
10KB

MD5
d0108aafb809aea653070d6a46d0f276

SHA1
1b5d5b8c9516b752c46876d37dddfc688dca44af

SHA256
00a4a9556cd28bdbabda640cff9c08c2f461604b525fa42ef8653ed898b6594a

SHA512
8ebed4fbd96ed44d09c5b30348e92476a4d2cfa403f40ddda3a8d301f7a74e493064e2a77967b383d486d0c5dd4280c4d9f230818549e6ee5e85e8a2815c03fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16667

Filesize
10KB

MD5
27c1afffbcd9f36588e930dea5e86b53

SHA1
ab354d1b0bbe869f0192adca5c3d4b64c8eeaf53

SHA256
06f95b323862a3d356bd204c4ecaa158fda1b89e28bf567f434a64ffb6bb9d86

SHA512
59ee46ec40603072936c53774db6ac3e9cbda535aec13f66818e5b6492d79ab7090cf0053209eeb32a79b4d1d2a27c4842fe21bd94162ab17b282ca44e7f2bb1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16690

Filesize
11KB

MD5
d5c9c51623f6da1145ef75c005461f1e

SHA1
9d0681894d2b5e550925af586c011eef8d6255fc

SHA256
95e6d1820d632aa38b8772bb6981d11af082d43594bc784dfa06b452fe6c7300

SHA512
eef92ffddae5c4681b4f551ba0bdaac4c1332e8cb3dd86617b835a23d0901571442c01bdef1292e263d4c729854eb61d5ac2869572649d00317de6b40a82034c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\17180

Filesize
8KB

MD5
2ef714813252f45898395557c291d91d

SHA1
f79cdc4998625a6b2b2841c33b6a81c152455f32

SHA256
754c7dcd780b1e36b6d141ababbe4d4e40e325a7b4ea22cc057694f59baf06ea

SHA512
fff3e13e9bcde061605683068181a932b0104cc7c556d94ca1359cce664a4ad738e410d7f5c38e039ce86b711dfbc65c64dd6fe06a42b8e79433b800d5dc09f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\18065

Filesize
10KB

MD5
88f59be8f9513df8f464cdc78533bab3

SHA1
6042eb77c50552d36fc2cb66aff4cf0ffd86a826

SHA256
5eb666607158f35586888dc21c18212cc80af3ba3a3198339246bfe455c20508

SHA512
fbb7611c72564ad0938b9ff4df1257f939fc227ec1465a08a9c97706a82f94e96e44c8286a8bb993c204766628382d0ef4e456be57350bdb8a5637531b2936c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\18626

Filesize
37KB

MD5
5e5cb7acc0611d422f137e93c538a4dc

SHA1
5b90a4209285dad9e52a9e15e39539c61073f6d3

SHA256
3193aa9ae5db2e4d9f8842260423579df7141c2ee231977decc7c573d99dcbbd

SHA512
f6e34c11317aa933eb5370c0748e72bfc32e6587c81305477f89b544aa9a855073e6fd96a7a791372131acf5bbe7a0f551da0024f33ec5eab515e7eba19e9b74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\18738

Filesize
10KB

MD5
10e3c8280f7b4c82592471b5d99c6936

SHA1
a65696e0435949498bc13bf657b2f31e684a176d

SHA256
9144ad43a61660b0f091ec6369ee8a5de19294b8b6aa2afc9634599b923a55d8

SHA512
162151f6a9b4ce98d0b27628bac5c3dc187d98d3472be12785dabe9cc70fb03b8af95b490ea23ba90f158b9a987a18b73768a0d57411b5e87d1d3e75f09d1df1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\18738

Filesize
10KB

MD5
ef7550d3f659492ac82a5938b4f3dcf8

SHA1
4fd9460f33f130e987e3053e887dd997cbce79a3

SHA256
1baac35cf2862a6c6b81d253c0420d783b4e01cf35836fcd297b6863bce69112

SHA512
6be386ae94d7ec9098afbdb5729ede9dd449794aae6ec751ef0e98f3b5f007d36e62ed6f42c5c8a16fd0f1d3eecc4b0e85e642290c018ce18e6327cfea296ff8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\19933

Filesize
10KB

MD5
32f17e961ab406acd1bc8fb5e9c1e32e

SHA1
f7844bf433e131cbfd15d0caff2d37bad1a0a40d

SHA256
cc8beab532c56ecb9a4eca18aa28ac342bd8feb8e3db93d7e59cd4f3e1995bc7

SHA512
becbca3ee3113096ba3a2fd5a653e30182e569f1040bf0a47aaef7253ca195d711d1f9e66dd2dc6b54fc06c1b1dfd0f02a0b2e7d5f69174f7c37dd7f66a93195

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20393

Filesize
10KB

MD5
2060c938faec6fa37be2d449679a16b0

SHA1
686c2d8d0189d30cbea40668a551a95a61f7fc1c

SHA256
5a246702fdddcc93837af90af7035bc935c5b22fbd8759e5b86b1be677966565

SHA512
38b4490036ba8873fd02b932210bf8b0587e01f8080cf76437fcf1de6986f8bdd5769f46762bd964741164917fcbc128fb944fce2dcf21e5a632bf3ea4a68ddc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20614

Filesize
10KB

MD5
72879664c3fd7edc2ee01be2c5fdc9ad

SHA1
345a69a116ea79a217e3039c513486eaf370dd80

SHA256
e11b5afdd8445d17f079b092c984f4c06591f779dbf9b6df219c9fed6b031ab9

SHA512
4a1167af769103bfb835dc9af8c4424e3c0b877030b902242fa4513509abd8c1c688b4cfca5d88531be5e1fe3bc4ab5cc85ecf3468da0c1a6a99b85a7cc3025a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\21290

Filesize
50KB

MD5
d5df7870a70e35115867d16cd00da867

SHA1
b8770808cbfeedd777478c4d83009c09c327b759

SHA256
65cc19b3449a9aa383464d51a43bfaa55dc344ae0b593f9d8d2e6a12162f1fff

SHA512
fc75f1ca7c12c680e3f92e988a35486fceb189910d47948dff8b6175ef3e1186c0ef1e0eaa330214434dbcda596ab27cddabce5c12c0fc10c13f1feaf7c9bf78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\21330

Filesize
10KB

MD5
6ffce10a7c66f40a6892f24a9360db32

SHA1
cb0b700e03d1275c25b213d7bf0967d03debdbbd

SHA256
a5795d4903887da67420bed83eeefd636abc7d4166ceae3f0f0b4447e67c373f

SHA512
befd6774d664f61e9298c852f2f87ba024e87f3da2995c53efb6a04e022f43403ccc0ddba1a7382dc9fb36a98ddea24ec28dbd241eec2eb8437954417db68ca3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\2266

Filesize
10KB

MD5
1f5cb3abf7d81e04af51430f7b572491

SHA1
56d37d1fa8708c67d174a476d2d3797571179a27

SHA256
34135281d6294b0e81309bec47c36c2dadcd3d19f6bf38a74edb354504538196

SHA512
9f023c6317dbfe149e2f64cd5721ed7f5d4329516fe8c24b5e7a1a2735d3531e64fa579ce537b4e2c316168a6902d60312c4e5cfb3f0606cd8d08207faf791cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\2298

Filesize
15KB

MD5
bffb01eb758ed5b054ee2e9ab5f455f9

SHA1
af1a49975ca0cf700df63dad1ff8035806adb744

SHA256
a41b6f085576bf1e4b1845dbd10f454d5004e54f33e223131c97758b0d20a760

SHA512
3b7469870318a754e9a211397c3603e724bba25b3d07a0f2975b1c99900e4fe7658c13a87c6fb9cdef318fcca49aa602c03d8b8b05defa43baa745a1cdd9cf7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\23198

Filesize
14KB

MD5
b26ddf88b715c1620f06dafbe05ae4bd

SHA1
2289790867a91a115420a2e37845c39b4127de6b

SHA256
7ad93f1c4c9b220e3160fdde42b24a06aaf162573540e74d1a0058fb214a1b4d

SHA512
8ce094bdbca827eb477089160375375ded0e70adec825ba2705179ebf297eb1d001441049433eacf0988c9af2afc32d632161bbd70ef0808b5303e1de35756b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\23221

Filesize
10KB

MD5
3d60525a489e773686d75c8e808c9f77

SHA1
63e190e939d5c889bf5983c732a437f9bc4c721a

SHA256
26e1b0e4eb6090ac2606d6f9059da21cf23dc2a575f745a36184d0c2d246ff65

SHA512
63d7a882f9df7348ca500e1ec02a9bef40c7893564a04ed483da8d37c1bac8d6aa50ed7765568fde42de6c4f3abd8df490e727c9c1b8eaa51da2eae7033030b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\23279

Filesize
10KB

MD5
56b9be0c5b6937cd706ef592e208c326

SHA1
b5a734ffa492ad760f338be75d0d0bd064290897

SHA256
15f296b95dcbc0ccd0a611604b1f584a07c452014b81b5d7de4ad5ba507ce667

SHA512
c2c5ba9f883f069426fea6f55652e278fb01cf4a5e7c5936dfb06e5d1a015784ef3f80c2ef5349a1ee192bf95ea63478fa86c53c515b0efd940d9e96383df991

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24708

Filesize
10KB

MD5
ad1815feb0aab2c3647226710f9daf0e

SHA1
a5df92b0a7fed243ca684d3bac406b30773ffe5f

SHA256
29dc0c3f11044dfe5342aafe0ba0808a0626fdc4b4b78b3be41adcc93e29f441

SHA512
ccb93cdf5592e94a794dde80ef1fc42d249c3a5aa1754a4a018943eb4c9ea208cd70fbf62490bd20fb054f644e525a1b4ced3c497260e7bd17f125ff43b9ab6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\250

Filesize
10KB

MD5
fda09d810ff1a4dd9579c13eb337c38d

SHA1
049e4e13eb871f7983b59f2cdb7ee6d122a3662f

SHA256
5532cc88c07e191d7798085534e572d95ea16b7f39e59e5cae1a0d55bf367157

SHA512
c1290a9d5a2bfe5e801b0fc13089d6051cd19e3df45277679ffae462e80707c84dd1c097df02076dcddb298f19554d55a5fa7ad67b02a06896161e0634de2aaa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25606

Filesize
10KB

MD5
dddd52af23c54a3904da9b1da91372d0

SHA1
42a20f23a356538f11ff76b73174e60bd84e021f

SHA256
02b44612348aa664d5dd7206f6563c359ab91e3ec56922eb62c6fa2e543f5b8c

SHA512
338e5957bb0e131e3e33a50b296d4953b6a723a849b07c125a98d59f43713d43f17b8d823811b0076e0c3904e8acb14937d5580be9d491d073fba7aa6c4bac4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\2634

Filesize
26KB

MD5
5bf43f85621f938ba5f161c4730562c2

SHA1
198fe91a75d928d1120113730a055a4538c198ee

SHA256
6de16ed104d6a1d7a321a8d8a0c380df1f9aafe8d372bbb47ecf8c44689bee96

SHA512
eb7b1890f1d92a706e50ef0c4bc2aa7f2669fcfeeb451b2fc4d6e288b7febc4ff6ff1b392aaf273a8e9e925ea1688fad03253f18f98ec4142aa917ea92d73596

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\2664

Filesize
13KB

MD5
9d443bebe1fb54f5db26e8a2ed5c88f0

SHA1
30f3ec46ba421fbd901b48d7648eb51aeaeb1738

SHA256
c51904e5dc5b0a70451f1b8c44a72639ce41ad13a2300aff42e15af55b7c4ea0

SHA512
ae3ca2f3f0481e9600099965f90ca53037a68dec913b52f5f079d1e568b24da53adf81ecccb7abee70e07caccca1ec35d062c5bc4983ddd13ffbdd8e4e398f96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26688

Filesize
10KB

MD5
0f3d6c1b5195443d6781f2df0931fb56

SHA1
2eb0914e82dd2fb8ab9bceec8dc90ff205862c84

SHA256
82845a69395e53c9d5f8b626ab34c7ea09061df57ca7e9295c65e4cb163f884a

SHA512
23c39db1ca9c2fc79702994e899ca87e3b53508c7da297bcb5695a2f53bfee2c74136cd3998a8a305d9302e660fa138831977640969a6ba3f513856f978f0737

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26708

Filesize
10KB

MD5
ab9392eb71f19401b72dd65289f0ebe1

SHA1
366df918f5ea6e2571f699d2e5dd7793ef286ad6

SHA256
fec56750184edd7e18639740a446608450decc857c1c01db7ad0b6510fac8a36

SHA512
b66c77902fda350485f43097b9e548f91598d0b2513c0c7659cf573e8e6d13c52f0d2dc19677f082c3fbc468f1be95483a14e9172dcc3d5a81403eeacfebeb8d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27048

Filesize
51KB

MD5
4f29ba1c3f1def9fbd318015bc7af4a4

SHA1
ca5a9393f5d4492f9e8d3848a636f33b595ec86a

SHA256
19502d99447e691bc43cfd922dfed04d6b49453fab4da7650c8119349807d26c

SHA512
c5e7e364c44850770378f43f73f1462f2961ca8d87834386974ba02d849984460e2f3810fdd2d655b87c96cd4a21e97185df7dba0933d29bc7ff0da95b194eae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\2719

Filesize
14KB

MD5
c196d16d522231e84b8b3ab02d741de0

SHA1
e234578120d9ae94958453e22b8ef9f942f43cbf

SHA256
66467917a852ffcae64bd790a22168219745f9913211e3c6ef79c1f28e7d184b

SHA512
7eca699c06dbe29c32ed7d91f273ddb17c2269dcedc895c50be633604f77c80e07601c34e8408ee127c8d8949c29c4b0ab5e4f3fd357a6ea91ae3f0066b3e94d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27401

Filesize
10KB

MD5
9e2b9a6754cb1fc897ca45f64d392e31

SHA1
d4a30cb81cc73c0f283f2343bd4fc8656c3dd8cf

SHA256
e720ace8817b07eb0ac6ee22fb11da8d23916e0ef4b822e9f814bacc133492b4

SHA512
2b33cfd2fc1d037144fbfbc3137c66e14d51f74d62dce206980b76b5dc239c93d267bb326c5ca06c72e6a4412e99286e9a002a12b41ec17ad7a00f8d98badf85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27598

Filesize
10KB

MD5
c3b4116383cb61eb7c15106d19d42f6d

SHA1
a5424a2170ba0a99750e30fa462344fc4c4df3a0

SHA256
dee5a00642872f12d48fb7ff6b28c2155f8564c3468be299f48f3a840c6558b9

SHA512
ab2bcaca7f7f40a67c2cd7717d1dde770a76133ad75ebf04e30d82e6db24e94806ae1a2c673a77ae56bdd2ad607923719074eb529e70d755632a247fcea36719

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27821

Filesize
10KB

MD5
1f9e6032b6c682c6e6015b231be5a703

SHA1
dc7cd1f154170db3a3b1114770343b4752fefc41

SHA256
407f45016ede6a25b1a81ba721bc8569fdcaa0dc65e0252d8aa2f80e495d6281

SHA512
f70fea45956994d6551f3afdb489a189a141c9a034b17d921494d759d1420d275c08f2a50449d826bd86181fef67381251fe1411472dc9c1f680e7075bc2cf7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\28198

Filesize
10KB

MD5
e8951574da70c7fbe18eeb968f2331e6

SHA1
2766b185112eafc67c0cffa5d19fec5e9b0385c9

SHA256
60a00cab63abde8b8842b1f9b4b7dfc314f9daea5d3e4624fb513579f4112cd6

SHA512
cf6ba12fa67519c3fd8547615d6a2ab70a4a7c564bf6b9eafc7277efbd8f8753a5e40972c0b39ff33cf505bc43d1e05ed6dfa4dcd8ff0479f3f94116896ddb71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\28391

Filesize
11KB

MD5
1ff58093adf0b40081a6a0df836a1b56

SHA1
185d4ee38368ba573610d6f68a7d1dddd7aa368e

SHA256
0d598202784d22dbd87956c387c406584aa82959c0680853bbbca7a9e7d9b774

SHA512
122bcdebe880ca6aad73163a73c2a07e3e60d025d58904c6d52acdafbab8a948d00f87c68e28c6a8e07c9d7ca5e891f6d15c3e0f3550be59f786048d7a9e0513

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\28964

Filesize
10KB

MD5
274b0786f41ee2012c7f40108ea073d7

SHA1
b24ae1f9ca6631a0fe72b82a939200b6507a64bb

SHA256
7c4f5372101d5fce363b7f8c823f5d03f2951aef1654a4d5ebfdbe4f71c46a3a

SHA512
437028812b9419f15b130b533e3afb61d9c16188112781e791df761123ecc835d3d30b01b3ac0c3427a3b92af8d213222849efd3c4a1b903c91e4c76b34d8281

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\29292

Filesize
10KB

MD5
d33a8ce299dd9aae074b63df38a4f05d

SHA1
15a77439e326350019f0934abd93624f80cc5c75

SHA256
c91a4a2f0fc031f1988c516eeff2dc5b45d59751d5d1c5820d1c3361049a34ae

SHA512
9c6054628c7a2e0e230e2814f200aa6c7e02029338578f641f42a17742043dea9484741e5954bacae54a67b0f3c3d64ce3b86622ab4e50515ae62125296d4611

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\30983

Filesize
10KB

MD5
9c1aec1b70e9c678fc38184a9193755a

SHA1
77f678888735e8e726f55a7ff3b9a58355a289d0

SHA256
8adb42d2feea08ab6ed5dba5265716c5b35971c187cbffa3497e22775cb2797e

SHA512
82f1e721b9552b75693e32e85d73f088e98a6ce4efc68b3ee3e5557b7969dd66877df46d766c58f2b8bcaa7521ac1b1fcfc595fbb403ee5cce28de5c25a9468c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\31096

Filesize
10KB

MD5
ef36e150c3a16afab1f22adb8ff62588

SHA1
0f7b4e0e9d9bac15a49ee41645194d2b6302c0c2

SHA256
27fce1d0c71c2da5020bbd600c0289740303abd5b45bbe31561bb0887095ca2d

SHA512
32407a8a3fb8528a942eda2255082e4e0363d2e7e3a2350231327c8fe25f79477bf886db43da4ce16968bc35d7909c2614de3399fd22840169c4e62b62ad667f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\31351

Filesize
11KB

MD5
8a10f03499ba3936352f9d24c3881a37

SHA1
fda34a19a3555a0faca86cdfec8e88f8bf577b80

SHA256
afd242da9aa33887de7d905076a815e101a969301d70725642efeb3f34978a8e

SHA512
3d97bcf210c8a42aa730c52af29d155442e61a320903705d82f8aac5ef34cbcb3e66d81922fcc52e18519359f7d062729da954cad1d87e62f90f4d331fd04758

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\32512

Filesize
15KB

MD5
00950c2099e58f0a43f79ea3a0428235

SHA1
7e170718754799136edb43aa4a391e4606703766

SHA256
48b2cd916026b1463a2f5214484e9ab7862e776b20a2cf1f45741c0a4f5d27ac

SHA512
f43e0fd3db0bc3e43abc914ecd90e8ba4b9f73a3b43481a8f6d48d7f2f074dffd7a55b9ee918e84c5e2c5959c5d999cb869baed6fab795c9b9352b75fdfdc253

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\379

Filesize
10KB

MD5
de7fdaf33a2c279372c1c44edc37efa4

SHA1
70bd175996e25fccb1e7ba99c74de98bb1b8c83b

SHA256
9fc412dbffea2acb69d6d2ccd755d4e2b565c75a48bf3149b0ef9bbac877c7fc

SHA512
ed0035492bea6beb66f9136753e6533a448642476bd0d3762e0f8ab6be40ad18a84ccc1a1676fc2331b7013463c863b8d8d84b5963713544d387b795762daac2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\3999

Filesize
10KB

MD5
a66fc235249c6756a7f05a3a0fba9ccc

SHA1
680d9dbd70443d45a05d2c6c042fc937282443d1

SHA256
4c22ad08ef3606228cfe47287efc018bbfc1ac62f6b768e871a50ece363ed996

SHA512
feecbd6b2cf9196a5a7991c50e1e3b5f010c47db729f036bf7c06a373b4161bd5359cb7fc4887060566a47e62f5feb8413c4c204db97dbe1d2398fe6fd7c7bca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\5207

Filesize
10KB

MD5
4290a551615dcc0fbcc84fc37abd3807

SHA1
2cfbad57bf1d046e03dfa8ae7c1067d9dd530119

SHA256
69db888058d439808ade0cecbcae2d7b041d270a1fd2f6d0ef4f78831bcd7bc8

SHA512
e42b3345ad0e60e9ed6e949d4aafa722c7784210ad94d1dddafff1fbfef59401457feb763391251cdc90a11942d5bdd0ba6c5cc83151265299f092cf2daf202b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\5412

Filesize
10KB

MD5
ad769bcec0b06f86bbea19626a11e549

SHA1
186941b8b5ade1a8c58df71b348aecfce9d4c0d3

SHA256
111affa971ae57ccd82ada7d8389103680f5d9ecc3ca99f7aac9e8b60edf9354

SHA512
daa4249a76a760eac0e320792c6c179a7bb6d20231fd57e00961bd0090a2d57a9118addab180824db63140f754f36bc574ed365faa4a99e302324b6293c7e701

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\5612

Filesize
10KB

MD5
138d45fddead6a50fca9d40cc1d08890

SHA1
285ef4100e9ca30d3934183224cb32693bdd2f54

SHA256
31216d87dc15db02f486a8ff477e27f4c313e77c8752ec194cee2f3e4a0a555c

SHA512
8cd042373d72868236c32589d5f5208c32d3363b28161e32eee19036d8c380c02b3821fc72f93063a1964e4d74d775bb56810eb6bcb1445dad0ce00d719f246a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\598

Filesize
50KB

MD5
af4ebb25aa541fc940b0e114a45de816

SHA1
ca3ec12c2deb68979c2e24493a4fc9f4b866c9a0

SHA256
a69ba73d39f289abe415eed3b0ff41b2a7ae95bb39c9bc4d0eb0745d09dfa634

SHA512
11b1f6011f06ddbfe7ff8875d6ad465d16356f346ef9953a186f7e43321a6d44f7619a795e3ec79c10b87ab46b2d1f81c14a3fd2ea6c8c8662b780dac4f167ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\6654

Filesize
10KB

MD5
7e7275fd9eb0526aeb61c821f2bf60a6

SHA1
ed610b952fc93e4ff33340384c0ce0374c45aa58

SHA256
02862d8cdbf816a72d50f3d9590a4b901e4280a7558315b9efee8991be30be1b

SHA512
f82a4c4217f0e4ba6c4af49a1cc45e5f41b5087312701ffa3c5dff04a606a959159cb4354846ac8bf97568ef395a15d7b619ddae6a09d1ed90adb9940517ce6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7129

Filesize
50KB

MD5
6ba68cae3fcd98d08a6e0776e2b87227

SHA1
0ee1365a813922b9de9c0c3971e594cbab7d81f9

SHA256
5200cf2be5e12e49640f6a92310811ad41adc6fa32588b307c9d81f394332b1e

SHA512
596f34349c8ff0e5d0aea375bed9994eb9d60cf9b17d4f2f64c10049fe83c851e9f1f3aa8e34f1a3301b83f33ff517dbb5b96d138ebabbdfa55ab771d875b93b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7342

Filesize
10KB

MD5
df089c57115b6604d06ab004844ff6a3

SHA1
27b169de2d91584ffe3d43b873a792b858efc5fe

SHA256
79a4beca22850656417bdb38c6e5b34afcba94b262388db8cc07cd7085ad04c1

SHA512
ca563a3b379193f8804003bf789db79eb22ef5cacf7456077c76af957efb10cf3fb124f1b1f4d32c066472d2bbdd9847d4d7f75779f50e66dbfb2f182de0b6e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7992

Filesize
10KB

MD5
7bc6a74c4c456626c3e8b0cb36d9a8ca

SHA1
67c4388ec2d4db79297e0fc5dbffdbc92f20084c

SHA256
f632cb5fab214e198cd73f8522f5c4b4c3475e58bd81e477fcbfc4334defb412

SHA512
de7b21f661acb2b789e6e44372aa2835749b1b7fbf90b8c9d9437c6db8cb0a6053e79e0d4638057dede0320b09aa69f0468861cc3eefe098142f44e880dde64e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\811

Filesize
58KB

MD5
36d8c01f0f5ce71702480cd325d5bf7d

SHA1
ad9764ea31b1af5e193d65a5e51ca89382791769

SHA256
2ed41615646ff1cfce94149a14f05737af0715e9ce9286cd139661b4f0d717b4

SHA512
58e23fa6da6ddfda0fc59034b9031057055a0e1c37efc334142ea0f06cb17f9a03aac2610dc2560b69a74b45ccef8540de011b44568c768cfdedc4bc27e9236e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8646

Filesize
11KB

MD5
b90b53addee7cdfc40213a2d5771ade0

SHA1
7deab38ebcd75dedda7381fd5a4dea1d544efe8e

SHA256
0b54e78214563ea619ef8e0844bc14846f285bc7846afbd1694bca35d83b5223

SHA512
ea9cfe4ff149802a56fc1b581c2903eeeb4aa5377fde5bc0e290873592b0695ac6188ae0f4f4be6d450688ee923d58b69de2a1c942c263e7b55580ada24ef8a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\9587

Filesize
10KB

MD5
81f41fb48e88793f2c39894962b2065d

SHA1
2b710502eabb0a24cee32be1ed6dc90ca92dd0a5

SHA256
369745dba8c2077107952b357bd87bce54e656b14b36fb638dd2ee2642c50436

SHA512
bb2146c27eb41e0101a69dbd84293ea17c465c32a247f36615cee23cc446fc0f5ae89a8bc9b825ace4bfe6059a5eef17cd840bf5566758b50eab5162105d56af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\01388EAB7CC5B2690B4FFE0FCB5801CE225797A2

Filesize
17KB

MD5
72a95587ab116b3ca837d27cc23470fd

SHA1
cdf11b776e4b97f80d1a076ec6d9fd58a04ba077

SHA256
5cfb6e40630a4724fa33227abf6024c26891129af2986e20e0b8d787ab4fa64c

SHA512
140ad75b944e480ffe135161964a21668a00b2db0e0b7d2c3df6193018405f6eb2019ff21a5b9390a684d45bdb96738cbbc3f0e04cb50d329a4ec9d7e7b53122

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\0A0FDA3A4259CCCADED05AB21B00B04A41949DB9

Filesize
70KB

MD5
bcbf0707968c9c0f6acad41b4cfb5fb9

SHA1
54364c5a64dbaa2aa3236d0e41de47bbf0c25abd

SHA256
5272abd839761b10d6b442f9be4eca7aba75ea891c2c766a6494b17158b25f77

SHA512
5eeb3c6dcc76fad867a61135bd1e5eb1f7eccdd863ab688be86fe1cb068d7fb4f5feab44d3b9116efdf2cf0bdc7c2f34613f23d3d3d0eb5c69672d7af879f08e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\1DEA0AA8DDF50849377371E75B8DB782D42D0C18

Filesize
12KB

MD5
d86a559a92f42f9c933d16bc338605c7

SHA1
7c00591c44eccc1a8fb05a92804c9bc2b7386746

SHA256
11380c843ef1e9a437e08acbabf0f125b399a63680cce6abe056b8cefaf01bfb

SHA512
2fc4e7f228a7fcbc6c50a3b46eeecb34dd55c123e7809fa53f73111dd86da019a00bda7c06f6f75950137d9c1b28439243df67b3c8b5fde7d62985ef5e7dc91a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\355CC3C3210B34A8837B742A876B21CD9312522E

Filesize
23KB

MD5
4fd2ea53558d80613b47d0e2223b3f09

SHA1
281c4ea1c9099e63d5661015853a680728a3ef77

SHA256
bb2d3e6264a64e207cabcf2b6c2ef7f7f0ea980b23fad54744a48ce884bfef33

SHA512
6b62cb5b7507fae46a8dc751e8f1c2844ff2db479a5753823c649e062cd7ced94e7a3fc30973351fe207817203b5d9995cbbffbc9250d124109cfbd7b72f8958

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134

Filesize
32KB

MD5
e4c09110ba1cd3268946d667e1cd1b0f

SHA1
17cbca5917649a2d8a8568a5748b5f8f72d6c2fc

SHA256
16a708d2f2c079c04e7a1edd492890fb1d0f3c4be5310327679f938df0882fc1

SHA512
4e77c3f9c250f95e169673e228874321af3c43b16699691bd50af575c358961a6cb83280d0b3e7bcac65a76ac6bc37a820c003c885bbe20954f4db9bbdd53111

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\3B7519773384A22CF6F538938E16FFF2B9AFA626

Filesize
15KB

MD5
e6e76da3e778d1cc767cfc1d23f73857

SHA1
85f287bc624a31e5ebba5d02f3ffef4013432e54

SHA256
b92c4771a20acee597e6471ad165e5502f7d8f6677fff74e709b594d9d9a0e2e

SHA512
b3bca2235597318bbd8f08f82381336baf493e5e8ab14e19fbcd691de96af0e443b75b89f03f2a8aa69394a24ade893a546990e836af34e4fefc83722c5c72fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82

Filesize
28KB

MD5
880dda17ff89bbd7881e4828a9e18a0d

SHA1
b2a88bd89ca2cef84783e206e13b073d05529f8c

SHA256
d35db8c03a0c0e5e939104133b55758831225ba2833b64c0b20c2854f0158545

SHA512
15d625ed8176cfb75a0f8e2516e3625864cc5df0f14a52da0dbb414d0b0ab4ce7a2f9e2b805fc4a9709d496b659b79dc58685477dd56425844e43a0fba686915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\3D65FD4DBD26F470F7C13A01571B9424C679728A

Filesize
21KB

MD5
82f8ddc7c19fed64e1470bf5fa386c08

SHA1
b047274daaabe35493b34150d8603879a6709836

SHA256
3f512468f3ee03cf05794c2554908b8f50080fd2957212f32c035a9af45a136f

SHA512
152629d39f329aeee7c2e6dc34c118a0b382735a7fe050ca136384d261682bcca8f45c1d92f20265f2a5ac805dec41ba2125e4f4e3ab36fca9a1112f364d2162

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\4EED77ABF2B13446DC47048EDC01C87DFC8AFFC2

Filesize
30KB

MD5
3091248eaab0085368b518694da9ebcf

SHA1
14671d6289fcb7cd80be9fe846d85c4ad6a50b5a

SHA256
789a0c5cdc0f7ad49b8512161d21eadad4ce3e04d65f3b73adb8623ed9a1709e

SHA512
18f69ea217d09144930f8cfa674c787371a75248ef0c959301976b3efb4b4f34795a42a7245c14a0e86894e26e0dee166f031f87d55119d74a36a7d6d2b05341

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E

Filesize
12KB

MD5
cc6d32c92cff5bfc2ed9a367b28699dc

SHA1
ce73ed05f31c9019f4a88ba003c1302b4992f559

SHA256
f9c2d4f901ce87b0db72c4ebdf4d59c24cb0791c56a5934cdf56c29f270c85a2

SHA512
02ed5af94d34b5c2038d0285720183856c3edb031314376e6f90eb7c20e04b472f191cbb1ad1105d766cb4428b081bc5dca55a9c216d61375bd7dab306dc95fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\648663BAAF0E9EAB1468E7EA11A63F65C6A57932

Filesize
22KB

MD5
94bad17cf1ca9b8876b9e80f3d90febe

SHA1
d4e988fb6d3bcf87b7eb505b5fb5b6824057d1e5

SHA256
25d542561d0246ef97f013ae684e0da23c98f4921ad5097b68d1b69dcc3931c4

SHA512
2fe48d6dd9b1345210e2cd3987db1ea733c4b6a3f05ba4b41c06f5f94f8229358f47c72cf3a1b3b6c07355fa1d8e79ddc06540fc4a2977c82905b10f725297d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\6B39CEEF992DE5635CD5C395C25AC97DB23F39D0

Filesize
26KB

MD5
596aeb0867a68f458b7a6cc1cd6a557e

SHA1
2bab6b515e20c4d1e5dfd85d1703f8a10904a165

SHA256
e098f20ce652b90cf0f0e9b9ddf696c82b9a2ff3eeb275f68fd1ece3c4458720

SHA512
b9ba42e240a58722fd3b053be0cb0e88ce4f7005db916377dc41c7def470f9ef690d4bf102752a1aa7922ee4872b0a5162c43bb6bcaf7fa58059c0998612d26a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\6FC6C54ACED261CC5B51B2BE5257D260C9C6F4AE

Filesize
12KB

MD5
9f439b216d9ae0f5fedc2dcf4aa8c755

SHA1
13eaa727dc2f75c268fb776a072507e20df10c99

SHA256
dfbbe4a98c487f02065ede13997557a24d40c0f4085f5bd74d58e7057489fa33

SHA512
4eca53c82a950f6fb0181349676f4bcbcc8853a816a334bc47dd6bc2eff6b54443f653f281a3a3300e3147dc9df28a97cb784d9accd1049353c9365758512007

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\703B5EA8EFDA3451FE1A5EA7B2D131F9D7B59CDD

Filesize
12KB

MD5
a82155b3efbf7d5e78cc112bf59f2fc7

SHA1
a258813a9974f2741c3cb93c26f4a3a074007b56

SHA256
5689c18f49e8a4eaf5d360eb23936f93d39cb46f1b4b6f1fd060f1cc95e5b7bc

SHA512
74bbcd16888f79f9f9b1646a961732ebd88e545253497c72c352629e2ae290f2441cc77cececcfe04ae8154934574c3b296f1a3903b7512986c0d88861b2fcc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\721790DF4D9265AC47DBDC48C7C63FC594274EA8

Filesize
33KB

MD5
d231d54523ba562b246ef89d8547ac68

SHA1
8a56ad6ae075f25e03050390ca6b9560f6e95790

SHA256
594483522cb72d74a58e5b749ac60d0e09f146a357cfb62ea8739120736e87af

SHA512
ae2511411a38abaa2ebb8d90a7f439b838764a99e8552fe69fdc625e0a75bc7e65c08fe453082efc96a8151acc9872aae4d9dfb9729e44ebf0bcd3f2bd40f9ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\7EAB4CA2F3AF37493827059AFC73CDF16C538834

Filesize
88KB

MD5
cf2bad30bdc0066ec9e0564df95568e6

SHA1
4960e70d8a8f830a0a9813bff562392682103b46

SHA256
5cf06a57d2ad4db2f08c4fba48d4b3c117cfde0a5c8c1024e729f3f4c45e9da0

SHA512
66947e0e9ad0ca34749c3a35c9a77384da08aaf906a71b7553a45576a4d72f10421abb4355dcb45893b74cb72dac843747b87d8016fba033ff2b95c7261417cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\8391535E14912E39D6CBA66BFBF18735B025563D

Filesize
49KB

MD5
5bdcfc16935025b358271dc33a93e14a

SHA1
04f7efef0d9e31b078d284789bf5b5b0ddb7267c

SHA256
0bd09a427cb4eb1646a3ea35f1f2e5dd04dce8a249e06a72f07f054d613aec3b

SHA512
d0b915cc9527b769577f997816fafd5c65cb0737e05afd506e7f33628173a85f657921c4eaf428cd5cbe6aaa35a37ca68ffef91bd1820c0c3624eda2f02a6c76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\915AFDFD778016D407EA3B45452B193625D8D25A

Filesize
19KB

MD5
cbbd4759049a4e17b722408763d7cac7

SHA1
5fc4edc13e37113a37021e94270e56f31164b1a5

SHA256
3cc50ed665e6531cad07a6958113cf94e38b98aa33a9eb2b66d292dcb9e7b5db

SHA512
048ab1eb62c2a19164b593a642d46c42da0451a441b0c3619dc7cdf1c5639ef6a443b0b1d6e880d27cc013e332c1b801b6923fb274d471ef89a6b14d93ae2219

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\94DB85DFC322E28D2427B5566A6F9F16D0B0E4B9

Filesize
109KB

MD5
7c788ee0bcb7516d2ed71c6fa664677c

SHA1
663c0bb640ee897e398849ac61d08c982e73f7bf

SHA256
43eb7ba5f0b57dea685847519dd2598d5e19f7dcfb1d69212e9b196f1475cee7

SHA512
86466baeaaaa30e1c4e17e04f99e7dbddb8a65829aa931b3a1348aa6eace3fa53c6d66a2af2e1cfdfae501eeae4f4c01e39fc094fb4943ac75d5f0c0c00a8e4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\9A11F701CA9E2BC6AAD2302AE6DCB2F06F0F1FC1

Filesize
67KB

MD5
7e1ab5446b7fe1e4242d09cf15c7f7b0

SHA1
e41f0f3d5bc349681ed051b51c30f3ec27db616c

SHA256
e2a36b223b747cb9d609ce454ae84f76e6728b7e5897a71d2477d894e5e97742

SHA512
1685781bc3f8a977e47abe925a13bfdc1542c526dedf189b2e4c52b302243aafab26208b50c1d032435d3eaa9b31cab94436afd809a7591120c29400803661c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\9D3AE548D127759226F34A95B002AEED29E7F754

Filesize
12KB

MD5
d4922be5e959fc3be35558aaef6f577a

SHA1
41edb9b0bb47864315d72f753acc6e51b30f97d3

SHA256
df5549c1e18687663226d6d4cde678c0fb57807115a905035237eee9daaf0bc9

SHA512
4e397897e903b2b7f34b8b79b735e02a8180a4aabc3ffc60423a885a59d0ba1d5c5038fc03dffaf08df7001e60b1951e85c4b800fca5fa70ffb4d69aa7244fd5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\A82DD9725F811DF1BB8CCE3B40E3DA6FD8FA02FA

Filesize
50KB

MD5
af66ca41c439b7f9da2fa78118127182

SHA1
f83ebd5d95f9516696c218a5ba997e78b7ffb15a

SHA256
4e3072df3264b682846871867cc45b39f02f69169d1c4578b292e3fee277f315

SHA512
5a8e8cb5f17c7562de818984db579248df5c7f2eb18c9a01f4a26694c5b4b9be267ac0420c6213709633644b880d91d459c3f8029ac5e5220c1523e42e4c7ad0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\A876C8AF86717633E6E46572013B957E820A5E24

Filesize
29KB

MD5
852f8ced540ac31e536d5dbe7cb63551

SHA1
08b32031702837bb1c4229b1bb9722586744522b

SHA256
c6c157780b07df449b81f73daa872fd6a83c413b312cf0eb6d31c9cb8f512c80

SHA512
dec667681d9323bb3faed70edcfe2cd21ea9360e800e75b8b0749aecb317c0fa4f5915795b745f6e7f92d1743f9fe08b747aa9c1406cf5280d7f5c4492aed503

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\AB0515472184E52CBB1737F145CBDF99BC3C4914

Filesize
13KB

MD5
be7bec8b573b6921380d0922d50f9498

SHA1
afa09f8141e6edc3c1b6ff017e9038a02769f19a

SHA256
27169eb712a82ec2362298a69fa955ee11c62f1ba8293b9683eb6cfc4a28a7a2

SHA512
c78d1e58a74c24c17476cbfaa4377797cbeb4843baa4c11e7e012208c17abb21fa97c9ffc7ee0489333160dac686ce805b2ecc84a28c00eaa684f5bd14e55fde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F

Filesize
67KB

MD5
8a33f5151c5cb5261586db3b9d7ab6d0

SHA1
feac7d04bb6fcce1b0ea4ec95a29998ce78192c1

SHA256
0ee58f11301b6de2e58dd0893ac57a1705f48adbb0f5b28b4dd1bfaa2309c79d

SHA512
835a67334e59f9a91a3e64bcd591c5082e51ccdf2490229240b09113356d524c4ef160d1b4a999447d9870891d38665e0a56c149e6da2d08d445a7ddc2268f0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\CF0B39396412779F06F4DAAAE98299656DBB2DE9

Filesize
35KB

MD5
0f01d4ba361f7b4d96f9132f10aa8041

SHA1
29f510f891be276cf5a1daeab5eedc6df4efd2da

SHA256
9e5beced959382bf0166f7219694bd6187cad3aaef60b425c434ec773c7993bc

SHA512
bb1939cc80cc00e8b82c4856576fc6fdb990daac5a558f050c65fc80dd2d19af17d04f7c8c2a27c690e54ef97c4162edf9e5fc30a4bef7350c83f5b3937c13a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\D650AE16FF1E3AC7B6DEEC7F9E98084CF18338BF

Filesize
93KB

MD5
9033594179985a9edf7d4dd8ecad88cc

SHA1
02d4a62148d736abb7da528ad6d706992f30e6c5

SHA256
313706ae66be43d67e78bbfa0d125fb130d5411ea1858953da938be7f04b104a

SHA512
b63adaa7c65d93d026ffb57d1dacf81e6571b01fbb2d3f3334e6092bdf5969768d24610990c3bf74879c63f425b20f5b39c3f41a2ae40a31b7a8f856216a30f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\DB01A54323E5CDA374E0C3E72CF9576D5DCFDE0D

Filesize
24KB

MD5
3a0f46f1d2a183f6903c8c29573b05e4

SHA1
ff8bca61f7b099c8d87a0d83c62b75c753270baa

SHA256
5798481011b9db1ae8346cd313aa1c6b15a5726c68a167999d910260494c743a

SHA512
b6cc5340b2552e7c4eb7f6a19ea8a36129c99a2a7a0f6d1a8b0ea9544b5ee193e396c77ca6cbe768e628136776017db278813f14d37ad0b05eea08082be8a135

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\DCF2913E9007672914881A47572949E020182899

Filesize
57KB

MD5
934e2a47ecc438167632e754282ceae8

SHA1
30861307f38d54e88277a8eb0fc842dd57d664a4

SHA256
c7b7c32e0f7810e16e0cc5a283e8423f3175be03230b5f39a765d686742c468e

SHA512
689f9abe564a3c66343601ea171bfc9e9e8afbc2298993f87e9cf77b009b437ff1b655b2c21fa715801da9508ee5cd36d673f6f99280bc2abfb39ea67696a914

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\E4135376C57D2895B4C02CB032947FDE3036FC33

Filesize
51KB

MD5
2f40aabc111539a9b50f1718fb4503cd

SHA1
309df437e080276c5a7043657364f6d90b148a76

SHA256
d2300dc5e7c989787a2373453caaac221969e61eadd97f9c6f16d4fd1a8a4186

SHA512
3de8c32f9aede7d1f6ddfaaeadfce1ca950c3e9e8feacd0024015429d0bf6d3c23403be3ba231913fc8e6b99eadd805ed3fbc75c69ee8b4a1308591947aa9d8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\E782A51C589A0A43DE636DF6F4ACDEB1C007F902

Filesize
52KB

MD5
c4f2ae45d83e872f9b4c5e5a77359c8c

SHA1
2ce3cf12f793c856d0804701cbebf80586ce0b06

SHA256
0becdb4ccf6b74bd785d52a96974d80d71e9d5e33be2015210683ee3beafb6ba

SHA512
7816ce87e2f0e5f74af7d4ca97a9898f39a4f7f1c9d78e85878b395cd62f37dacf31c3f471fec0d54ddf9ffdbcf541432fd4aa916c434d4d7335bd1cf5dc2307

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\EAEBF10FE7FF4055BADC40F5D94B94B92F32F706

Filesize
12KB

MD5
34f9f70cc92a0c00332782c2901e5150

SHA1
a4e4b08c59f4c49297258e97ada8297ec4772554

SHA256
14ee4ab4facacd9374a03b4f38b6cce1ab338635f0fbe07c26f7c5fae6348341

SHA512
a87667bf90f0e157ec76900d82521a1b4f124a203770668aa8adde876ef8825453e74e81e2f6b6b4fb266789a2881cc0d2cb0d6244d9b14789ebad938b5e5afe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\F5605CDE9AA4A232DB99164C4F96F44CBF65F422

Filesize
35KB

MD5
19733ad2c83af0fd9a30d4fb7a5f2762

SHA1
7832af5639a91c3a83a5913eb51856ddf80825c0

SHA256
7c927ef11c129dd452719b945384a5770ea4b1e45bca5e5790f3f75b8cecc092

SHA512
1bbd14614a7a44d43428ab03c84e97f40d6efd9dfc81a25c12358ecdfe93cf172e203afa8a9c82d599567de4c1b89599131719b626017aa5c08323330a52d515

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\F98212B5A8265D3B0F8873519620824758FCBE4B

Filesize
16KB

MD5
8c0d74dca427136b9cc171f09646dbb1

SHA1
90ddfb83673684574f2fd261582b565fe363ab42

SHA256
e6dc36c3e2a117aafa7a381f71da5bb35bb9923e2d57a806a2eecfa3a567b346

SHA512
833664033e9232e86317792a43b57458b78a36c58e6515c5eaf83e32f2beb86ff66db0f1e67b045eefe1c720000934c6785815ed75cee224193736a0de988689

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-472BD883\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-472BD883\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-472BD883\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6308009873b6e28576872a25a9dcd1a8

Filesize
30KB

MD5
eea664669fad3896734b5c8afa27c4ad

SHA1
97fee1021781a21c07c314d2f9bea7b9aaa9ef00

SHA256
5da55b02fe05383d2ac37c15591d89151ae0bc7633726b7306ded22309468a7d

SHA512
d3eb8fe67e3443f3e0eb1359d002375fc915480fdbd964869c57e4c72ed8a51036672a07556543df693a55f6f42f10619091dfb4c80b6dfe449042c9c68dc06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\767fd1c86a6438f2df71a3ad990afaac

Filesize
32KB

MD5
d476a09ee25bb66a4ab91d35ff584a3b

SHA1
9ca76f062203729833fee1062958e2427fc95bbd

SHA256
c9a384ebc661703566094ed2c8507d7f61ebdd4b58bba5cf1dd3db9c1c9225b1

SHA512
cfc6672bf146ff792ce8a3836cbb7e12c77c899b3295306633b03f3dd670ade91f452762f8d3b908071c16d2b9759123247264829e3383beb49280ee6f4d3436

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX01705CFE30844CDDB76F57F5FED39EDF

Filesize
91B

MD5
b04c0dc18c7d55cd67b193981117e8e5

SHA1
de1b8da5292626c82c5369243ab17e1fe87819e8

SHA256
0e9e0d48cb004bf17d389dc2d43451e7c45546210703bf2c36048568477f538a

SHA512
e6a2aea601a6cc021d9537fd56eaf034dbc5932f9dfeca57fa69921733af8d1c22fa4997a596f2895ca60a9a064ace6a135a8c5893381595521da9cdcfcfbef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX232D396735F1454483CA99BB9647FF50

Filesize
91B

MD5
9de52d85b06da1acd48afa0d6d1d19aa

SHA1
6683b9c8eabeb1f315873fa6bcdfaaafa9353ad6

SHA256
8b231ef4bd7d12979f583d8c1b89c66ae7e379d6557a1bb6bfeffcafc15f1a2b

SHA512
f3c1210177102ad92dc8661720f12f4c6aed3a86991b59c823471464feb2eed41cc1512acc864cdace009852380701c20a694fdc0311d5a023c2b9298979c8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX2A2E6E28D5E446DEBD43D299D9BF1930

Filesize
91B

MD5
934a11b8eaef18e6790e660f167b251b

SHA1
1195e4573af3ac1c966de8210b162d76f57df7e4

SHA256
8a8ffcca05368fdf6f8941aa5ebf50c565c4946e660dac731827703d5d36665a

SHA512
7b9ec190b7cbdaa40921a775beb6cc245f9e92b12785d0c1a9fc6285a996a809a2c80546a099fbdf5e2628404e4cedc2ab652f3e02c27012fd2fb3ea6d1ddaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
f17568ae9c112874b9ad91cae53f4c98

SHA1
fa70c285330d99d09290a6bf426816e4a7b6854c

SHA256
34be3884215b832fc1678065b4930604dd057c071ac89e38e4f0813d28169835

SHA512
ce57db617f40f5ee43ddbcec7572199c719e02d6965106bb2cee6c2df4cf71fdbe737cfbfab9b168a565dc0bc6a3190bf1f9cc2a7c85405c0dcbfb4d8c302f22

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
f17568ae9c112874b9ad91cae53f4c98

SHA1
fa70c285330d99d09290a6bf426816e4a7b6854c

SHA256
34be3884215b832fc1678065b4930604dd057c071ac89e38e4f0813d28169835

SHA512
ce57db617f40f5ee43ddbcec7572199c719e02d6965106bb2cee6c2df4cf71fdbe737cfbfab9b168a565dc0bc6a3190bf1f9cc2a7c85405c0dcbfb4d8c302f22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
1605b80f8c95ac17817e9696c158eda6

SHA1
1ab0914e6c5e238e9ab754bed1572d188c8e81da

SHA256
12165cce76385c36c14f62a4cd0c3458b2c5cf2f28869b968db56f36c3dd6d19

SHA512
355aceb0fff4afa19a67c20065b0000214d518c5e6d93688775bb627166fa7eb92f431ad239fcbe775646a614ff07264ad74a45a505254c5c330fc8b9bf76317

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
c6d767c0dd73269f7231ab77dde5da76

SHA1
9d9afd3b55ceefa2dfac69347a8e64a0aa8b77f8

SHA256
bad48dfb0d4d1c195737df1ad226dc8409b5517456fc0fe017eba762255b3626

SHA512
7c7fc8f7782289909eee37ef9e9adee4a383a0ff2496d4f37089dcb5fd884b2c244509b2e82dd23250354e83a47b1239f34efa46730794aac4aa38eb1e5d903c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
3cea51bd3e5d524c674ce70ce6b47aae

SHA1
82cd5eaf635d50a9687dd8bcdee45bb3396712d4

SHA256
6016818d4f6077c1f7eb6712520ce2659774223726d3bdffc155f44bef0ebe5f

SHA512
43b8130a0b4c4ed3959ee5875a9b0a870941cbe31d5ad4ee293c3a39739213160f2a1e2969b942d25a8a2bc28158e666c4a693aab892354ba5d38391f2648811

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
538adfa402cccf179580270314afa6ae

SHA1
f71a9a32fa2440560548a74d3d6b0f9c046e33bc

SHA256
46a309279d0c80a32913c19cc8d0fba66c932ce44c474d6d1996dd7195891695

SHA512
958b2622cc1cdf3b91f2418bf7cbea74e564c49786ae010ea0e2c44d4b82df49ff1ab0890cd6073ec927764188ef5fbc17209348cf3fcedbe5a4a55851d9cc1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
414ec26824a32a1d243ae52134791280

SHA1
caa4ebb42bcc7453f0ee47746c2f2f74e9eb9c37

SHA256
1fafa4e46b88e2d76f8556ec1d8791f9639a7583d288553cd75457a7d2e16d5b

SHA512
e356f1dd5d647b6286b3ba01802bf0d10c241b560135fbdd9a9e4fd8ac238ccb6f765904da781ff789e0867debbe45c5b95176f1a20c914c612e03c41a408e9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
33d08692118117dd0a15d06ebd4d6f8e

SHA1
790b0c9485fb77160fd2d2dbc050770d0a7fc1e9

SHA256
7f9f8c0989dd30a73d06e7e0c4d5d7fa1a66fcbb9701573a315a7c203eabb420

SHA512
0b2fdd698539e7db6ac557617b7f16d0fc8f77922cdde562b92d5f5405b37ec24ba65f1b5671bb90242334d4845b2ca324bb9d54356ffe988ed29fd81c1f7dce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
321416ec1ce113721a22cb662090a4dd

SHA1
894ba8c9db28b32d08fd652409005702cea760b6

SHA256
a92d2403eb2a795970a39efbee17a91b28f5fdde12d9c44503c64ee487ead78e

SHA512
3bcb48559dc531e10f0ea726a4dd7ecddba8ca3a5ad4cb37ffd624ff93788514d2aa1c3d56dafc960a696812ae59b00ae1f65f48cf9b105859a4eefd2b02ee89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
66653f9694ffed9fca92e2a608ec19d5

SHA1
a22da00baf91f1cc061a826c505b6153d28eac33

SHA256
008d38060869ec0be92066c84d0d07aa326d26e0ab8c6cc31098922efca5f102

SHA512
df9eda8159e58af02caa57143d1495d1edbf066d615dfaeb5fed22c462147533d8f93031ef588ddd357240b6e88a15b82dfab4e07f767c699fc4408b5cc619f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore.jsonlz4

Filesize
13KB

MD5
83e68883a027900799cd30f2cb50f7f3

SHA1
fb8644c47695dc98fdb86a96d5146a8231e741d5

SHA256
4a10a49984911d3ece7de0cfbcf7cd44487acd69e55e79226a2017b6ab8bf3d6

SHA512
1cecf8f86163be23dddc3d9f094631280082528c3deda3eee814ac1ebedd48786aca572e95d93f451191e00a661300a05932d0793e12705567b81c149c1c59ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++web.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
113e8936faf0ff0a56af7af0a8eccbc9

SHA1
c75a9acf3fac189858e01a605fb36af5d7266434

SHA256
da787cd03d6414c255267837b47e65948a60330bb46ff44aef97b875f0f8de22

SHA512
9720eb321fc2e3594121942a5598cd00d266de31ac36edf708da5f5ffe819a13b7706f50ac275c9b65c554187d05b7d4a98961c1d2589ac7261eaf77c52a5b84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++web.roblox.com\ls\usage

Filesize
12B

MD5
8bea241d7225a64aae85fad5f212e4ef

SHA1
7954f107e2da9b2ef78e5c9be5700d0e1f838119

SHA256
573929dbe920e2710baab8fef1e35bd5a17b4a2d16143752f16029de5cf2cb6f

SHA512
74ca2da08ff48493b2f3207f57c81e71cecef72b3f1c69ff37e897517452adaa51f0ce73ea43e5f1697849c32d5c5b2b6c2f2d1b8f4467181ac45d1fbe042070

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/2980-3213-0x0000000000C00000-0x0000000006319000-memory.dmp

Filesize
87.1MB

Download
memory/2980-3237-0x0000000006340000-0x0000000006341000-memory.dmp

Filesize
4KB

Download
memory/2980-3194-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/2980-3203-0x0000000006330000-0x0000000006331000-memory.dmp

Filesize
4KB

Download
memory/2980-3195-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/2980-3202-0x0000000006320000-0x0000000006321000-memory.dmp

Filesize
4KB

Download
memory/2980-3198-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/2980-3201-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download