hxxps://modmenuz[.]com/roblox-pc-mod

Analysis

max time kernel
299s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2023, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://modmenuz.com/roblox-pc-mod

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Roblox Mod Menu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Roblox Mod Menu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Roblox Mod Menu.exe

Executes dropped EXE 9 IoCs

pid	Process
3740	Roblox Mod Menu.exe
4284	Roblox Mod Menu.exe
2152	Roblox Mod Menu.exe
2220	Roblox Mod Menu.exe
1192	Roblox Mod Menu.exe
3256	Roblox Mod Menu.exe
4604	Roblox Mod Menu.exe
5504	Roblox Mod Menu.exe
3200	Roblox Mod Menu.exe

Loads dropped DLL 12 IoCs

pid	Process
3740	Roblox Mod Menu.exe
2152	Roblox Mod Menu.exe
4284	Roblox Mod Menu.exe
2220	Roblox Mod Menu.exe
4284	Roblox Mod Menu.exe
4284	Roblox Mod Menu.exe
4284	Roblox Mod Menu.exe
4284	Roblox Mod Menu.exe
4284	Roblox Mod Menu.exe
1192	Roblox Mod Menu.exe
5504	Roblox Mod Menu.exe
5504	Roblox Mod Menu.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	Roblox Mod Menu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Roblox Mod Menu = "C:\\Users\\Admin\\AppData\\Roaming\\Roblox Mod Menu\\Roblox Mod Menu.exe"	Roblox Mod Menu.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d8cde1b1-642e-42cb-8ba7-2ae3fa59e671.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230403060022.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133249750220639420"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Roblox Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Roblox Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Roblox Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Roblox Mod Menu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Roblox Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Roblox Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Roblox Mod Menu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Roblox Mod Menu.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
2184	chrome.exe
2184	chrome.exe
372	msedge.exe
372	msedge.exe
1716	msedge.exe
1716	msedge.exe
3436	msedge.exe
3436	msedge.exe
5340	identity_helper.exe
5340	identity_helper.exe
5504	Roblox Mod Menu.exe
5504	Roblox Mod Menu.exe
852	msedge.exe
852	msedge.exe
3592	msedge.exe
3592	msedge.exe
5588	identity_helper.exe
5588	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1424	1344	chrome.exe	82
PID 1344 wrote to memory of 1424	1344	chrome.exe	82
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 4716	1344	chrome.exe	83
PID 1344 wrote to memory of 1604	1344	chrome.exe	84
PID 1344 wrote to memory of 1604	1344	chrome.exe	84
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85
PID 1344 wrote to memory of 1960	1344	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://modmenuz.com/roblox-pc-mod
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffd493f9758,0x7ffd493f9768,0x7ffd493f9778
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3476 --field-trial-handle=1816,i,210502752533044394,982240334559203080,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Temp1_Roblox.Mod.Menu.zip\Roblox Mod Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Roblox.Mod.Menu.zip\Roblox Mod Menu.exe"
1⤵
- Adds Run key to start application
PID:3892
- C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
  "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  PID:3740
- - C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1692,i,1599688544314757322,8424136982492819516,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4284
- - C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef" --mojo-platform-channel-handle=1880 --field-trial-handle=1692,i,1599688544314757322,8424136982492819516,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2152
- - C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef" --app-user-model-id=roblox-mod-menu-nativefier-050aef --app-path="C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1692,i,1599688544314757322,8424136982492819516,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2220
- - C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef" --app-user-model-id=roblox-mod-menu-nativefier-050aef --app-path="C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=1692,i,1599688544314757322,8424136982492819516,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1192
- - C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef" --app-user-model-id=roblox-mod-menu-nativefier-050aef --app-path="C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=744 --field-trial-handle=1692,i,1599688544314757322,8424136982492819516,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d2punpeg7vtjci.cloudfront.net/public/dynamo/lockerClick.php?offer=32173539&offer_position=4&it=2707469&m=0&visitor_id=Vdbf17edb79b6f&cpguid=y6u8i5gcm&hash=1b84b63a6013ffc7dca24d52e50fe4c5
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd589b46f8,0x7ffd589b4708,0x7ffd589b4718
      4⤵
      PID:3524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:1848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
      4⤵
      PID:1796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
      4⤵
      PID:1880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
      4⤵
      PID:4668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
      4⤵
      PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
      4⤵
      PID:3736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
      4⤵
      PID:3256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
      4⤵
      PID:3180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
      4⤵
      PID:2020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
      4⤵
      PID:1624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
      4⤵
      PID:4868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
      4⤵
      PID:4244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:2764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff78e635460,0x7ff78e635470,0x7ff78e635480
        5⤵
        
        PID:432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
      4⤵
      PID:5684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
      4⤵
      PID:5676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
      4⤵
      PID:5828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
      4⤵
      PID:5836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
      4⤵
      PID:5700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
      4⤵
      PID:5760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
      4⤵
      PID:5216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13694478218314601041,11764549624209680725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
      4⤵
      PID:5600
- - C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef" --app-user-model-id=roblox-mod-menu-nativefier-050aef --app-path="C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3864 --field-trial-handle=1692,i,1599688544314757322,8424136982492819516,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d2punpeg7vtjci.cloudfront.net/public/dynamo/lockerClick.php?offer=53241792&offer_position=1&it=2707469&m=0&visitor_id=Vdbf17edb79b6f&cpguid=y6u8i5gcm&hash=0f798bf8c3b5d2f85f9de3e5917dde05
    3⤵
    PID:2800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd589b46f8,0x7ffd589b4708,0x7ffd589b4718
      4⤵
      PID:1780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5465793280638015089,13504168722763117474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5465793280638015089,13504168722763117474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      4⤵
      PID:3132
- - C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3420 --field-trial-handle=1692,i,1599688544314757322,8424136982492819516,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5504
- - C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef" --app-user-model-id=roblox-mod-menu-nativefier-050aef --app-path="C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3692 --field-trial-handle=1692,i,1599688544314757322,8424136982492819516,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d2punpeg7vtjci.cloudfront.net/public/dynamo/lockerClick.php?offer=53241792&offer_position=1&it=2707469&m=0&visitor_id=Vdbf17edb79b6f&cpguid=y6u8i5gcm&hash=0f798bf8c3b5d2f85f9de3e5917dde05
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd589b46f8,0x7ffd589b4708,0x7ffd589b4718
      4⤵
      PID:5896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      4⤵
      PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
      4⤵
      PID:3428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      PID:5752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      4⤵
      PID:4444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
      4⤵
      PID:5684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
      4⤵
      PID:5812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
      4⤵
      PID:5308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10011280581758937553,771559704043493695,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
      4⤵
      PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
57778ec463b06c059f73158648c7ae38

SHA1
ca03783548c8858d1febfb65dd1baebc6a0b56d0

SHA256
248e2f2b14242cda93900176658be666c65a317395441bb9ea34da853c519fde

SHA512
2e9afda5d0c9566ee7a0170d5462470fc8f89d6c48931dc20d980b4183fcab7dcf2830f4cb46e2c503c10fa4dc2c9f2c0a534d58d0211c73c5f86eb89a084332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5d4cdb07747f761591883461cb4d6ae2

SHA1
6eebb08619c891ef4cef80c970e3cdc557464eb1

SHA256
b2a07ce07959d7781b01f09cd9d31ae40551f8066be6df9b4201265a1894217f

SHA512
2a2e9db040a6ae10fb1dd508860d248bbc18487a6681a1ec70866490650f24968fd989d7902a57f2926158c39f9c79da264b38240c68e79fcd45522f575b49ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7dbfba505d311dcf1095d5823460091e

SHA1
7b2a30df6bc4550a1990a2ee48b32666947622b3

SHA256
4e63451e9a333bc92d3250d007249b29c31b01f067657356b7102430b95224bc

SHA512
5e64d1ea6ce856ef272aa1f571b1ad68e819f4e61c2d79c100b95d70b55286583bfd768eb8bc3d476b71ad673c1e3b40101739e2824e36d4ea12d8cb48250819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e5ba33f74a1fc2e254060158122de797

SHA1
45732784920a21d0247b1bc2f2138ac1551d2abc

SHA256
faf2f54faae96aab3888b3188f563318066bed4a630cb59196e2aa305efd4959

SHA512
13659acbbe74ca69d4f5d27081b52167516223a225b5d66eed1224fb0e80447c2178f2e68742c05b900a8f73d558080d448d245019b9c6cc256a1ccee3dd884c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8ee6217fc1ec351b54b813e595d22006

SHA1
bf046c7752d76bb03959064b241a7740d7c2687a

SHA256
15b12b50701519370ee6136bd34d7f0ee7899df6ad4c0001b0490068962e99f8

SHA512
4d93ebfe1acb582f8799669f89404da993fef39f5c23e84f51d8ecc688d32184396048a0f6f290aa1d2d40b8ac6599dec5fd5153a71b3a742367072b4f92774c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
f757a5cf4f739a02e7ca34bdf52aa73b

SHA1
399bbdb2f6c745342d79e86a805fb30a61acdaae

SHA256
8666bdd465371cf0aaf46993680e8b5465f03378d864882db98fb2fee90b763e

SHA512
cebd273ab41e280b162e26a3e70bb0376bfee78234ebf8059bfa4170872f95c4d60bdea392e0641c9a5f2f3e06b97f51008059b415b7ed8f6c2f0237e44f5bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
f757a5cf4f739a02e7ca34bdf52aa73b

SHA1
399bbdb2f6c745342d79e86a805fb30a61acdaae

SHA256
8666bdd465371cf0aaf46993680e8b5465f03378d864882db98fb2fee90b763e

SHA512
cebd273ab41e280b162e26a3e70bb0376bfee78234ebf8059bfa4170872f95c4d60bdea392e0641c9a5f2f3e06b97f51008059b415b7ed8f6c2f0237e44f5bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
744e19b788cb8bf901024e74bbf5c725

SHA1
6f124effab87a204ac050595b2121581cd032168

SHA256
9dc3342bd34d72e5e381a14855e54fb146bcb7d6b1935904ad18a95ec3fbaa0b

SHA512
e7c7b904f6b639c060aa067cbb4f668473015ba2723edc9e100f821450242b7e7148ef08359a9d03ab1a990e3fc914ea1d80d71125bcfd5f0a9b1fb9a9753ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5753cd.TMP

Filesize
102KB

MD5
fa18d956d628be3f54fd1e9995cfbdca

SHA1
1a81207719d9f4bc790f2b75b7fdf4d5ac6f45f3

SHA256
f0e498c15662cc0a847f6029644694e962a817c419ac4488be06e285883f12d7

SHA512
5780c6e11a7c60d44fb8be0c426bb23a5071071333fb9cecde7e0e666e1641dfeee07aa2a3716c65270a99cf3baa2d40997d27783c415209aefaaa2487b261a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
51f45e5218334be28303f404044f02fe

SHA1
e3d06720fe7b29f437ad82962be07fcc3ccea390

SHA256
377de9a936f9de7a5d62b07e657e72e87b83ebb4c706b1b3e7b16fb725b0399c

SHA512
52fdacecffc82d87fe1227933da14fe7e9a13ecf4f37f61360c03c259461e8601c2e7d6a484afa41e7591fe17522f99c2b2b40be215e0a540f3dc39892689733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b334cb75c59fe0ca7feb04daed78db15

SHA1
da8f6cb930cdd36d0bc11af2d24dc78dc6293ae2

SHA256
33058cdf7383eb0ff91b7db2afb430b404fb6991b964171a6042b2e8c9028ff5

SHA512
a1459eb53540d665eea9fbda778801446d25ac77d3fecea41690c7d28ab27031147c227e8799086e4d68e9d2171b5df851d974673d7c1364456c13cff1f902d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1566d2c2969e09d0e9c93f69ba6744a0

SHA1
da6f30e516b4534cfedf28fccc880859f6c596f9

SHA256
61aece15125ce934e570cce78b6c67c22baea08be77321e587b94910100d274c

SHA512
f41da96ef4edd9f35d15e35149c90cd059bda063b713672a407e309edc0c2318bd973fbbeabdd3a9ef0fe8f854f3734767c06fbbe737882bf257b000e84701a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
0cc5a72d908432c88094e35ab821f77e

SHA1
4ab0e17290cff1ed4c6ee6753ce84b4f7300a946

SHA256
90427eab08f09bf7ecbbbd115a3d1372bb94a3a802f26c8cbe784359f71be020

SHA512
263565527b79b4ccf6fee9c790a4193f88461adcd57c3f9e0c5c0e40345786061e129e193b17c1853ae1479e3190386cb6354e577ef7507b78a06ede8b0ea51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
36965c128e3ef13b080a26b6a94dcb25

SHA1
0669ea1dda40dc5d401a011a86bb67a406254001

SHA256
63fa9f3fcb9cbb7a9e6b8625304df85180ac5c2ab0e8e6aa91bffa0653ce6b38

SHA512
dc06b328e331fedb943c35ae55b123f1e9c5d0d41a270d0b694b9ecec7db92cb9599716dc11da9b65a9682819ff34301b0b2502f209a2baa09f04309bfa3536f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59cc4f.TMP

Filesize
48B

MD5
3821627cdd37d1e226159a757f957169

SHA1
9e91f2f461972795e6a0179aa98cdacd9ffc6364

SHA256
20c044c0671575f339c9dfecc711a5312118d5ed92f41a7fcb928ed046ae4ec9

SHA512
9cb40c61bf629ab0e6148f6b096ee8bc021c23051ea0751550a2997ec1f5ee7865054cddfc392bdc2fec6b8fa516cc9ff09da46c0bc3741b6af3ccefc12bd21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
885476a717d6eb1e7c7e9ff5d3725d93

SHA1
9f48940485d81cc34447bb4f127a0f541a39c070

SHA256
50f1a9f7638139e11dfe3d62bda56b8ff569623d7bacf72dc55e54b24a5c35ab

SHA512
39c96d4c9f9d4d8a15ae5ce4dca0c5253c0a22dca5393c65861e2a8d18bea3c973edf05bca9b57410e90ccbbb6f043ae56235d00cbcdd4784d629152bd69bc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6c6faa53c67a6fc149a3b89b3ddb652f

SHA1
12cfe3ff53ad0c842850bf8a7290c50d724d830e

SHA256
dc6334db9e3bd052d801d311305d767eaf77cb82822d98ccfb7e9ca878e4f273

SHA512
6b84504c01e04428bc36b2837f927419b17489fc27d9dc1bab93901aa52a9250df0e953170fc69632ba1fea1dcab17cb43154dabebf76e959314d9eb5884ebb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4b5d912def977c17c1b166fd3fd242ed

SHA1
f298d2d7ccd1e05ed3fef98a07e125a9ff2b982b

SHA256
b20152c430b372ab4f0c5f81ee311de85cd8773b2b4c8a2a5f0d49a656034d85

SHA512
b0f96e55c2ef794a5077b18dc91a0712fd48f1ef88f924007651b7abdfc49e8bd19c9624f2f30c84085df9cf57f6ba043ba4c7fe556c344abdf12763b3416fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
e4925c01c83d03a390395c7145ef7e04

SHA1
eb0b49bfe66d19015349d6dac738dc7aa7e4e1b3

SHA256
846869af4a18e2795d0b762009a847ebfd2bd7581ad80bd05a0d3edfb1b60b53

SHA512
d5d32d031509fdb44a085ffa2c22a3c0f924cb7faa27cce940608f13faf0fd24cc2cb2dd0e619bcf3f87f67cd1cf22e0331dbef2d425e461637755d11dfc658b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
978bc3656e0e2d9a4f8021606e647047

SHA1
c81ff3e2843c854400dd10f511a3c288cff35a21

SHA256
bccb1740f6e1a4f1c6daccbd7567f9a5e73aefd54d1d26d05d1b83a59aee57b9

SHA512
9f266ca5e65f4272d31b0ffbe88f54c06aaa71c5a3247e2e6f17e1142864cfd96f0519189859b9160332fe8fd4fc34d49cea47b9eeaf0cf2a6dfe2a78dca7b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c4a1f6d67d8f5fc7c7ee9bc83c4e9334

SHA1
685183cdd578ce95ee85ad772d6cf95af10d6c73

SHA256
c4b0ef32d6134dc2b25658b0ad8559b2b64537b23be21c30ad547dcb5f3d6567

SHA512
4afd4797f089efbe814b4c72aae1342be95ba889e2c3e54e9b31915fc8c04725228a56d21bee35745aec13f3205deaed36aaba6410bd1bb65bc887e02df936c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4ef6980627261e10297519aea311dce4

SHA1
dd8c8d18d186afd1cb95a883d1af911ad99ba6f1

SHA256
317fd7d09066e7218f8155f6f19fd1d6935f9b6a6d294971148274f26262cfa8

SHA512
327ff25ddcd121ba9655db0a1f31a32d16def9ff50b853e9b6ea1c8a82e1203d2dfa1293ac35725e22113b8ba6484a96de378459fdf1ba4e58e4f51351cb3cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5f2bbee068b11a4cd23c394b9f306492

SHA1
337f3215bb8ce0df588c9a4c05d84c0a05343ada

SHA256
9ebe9f816b39601b2e8c753d064d9ea4f9c1a789b5f03793f1077481c4674eca

SHA512
0242e61001f847916a08daa5d7e51b34a93c2e0fa28dc1bbf743eba2698844373e0b8bbccce622f230fc10d53937022bef7e5a6942d009d84d3fb980c2611ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d85d7dc7fb40338ecfdfec6fe9a22b01

SHA1
73c7587ac4b99b99fbf7cb9d0c3289362aa73a1c

SHA256
dc8559fe7242b50021c5fb5839cfc0838e4218ec2fd3630b101fb972bba6ad75

SHA512
f7b82a632f364f5ed3fc086191c03968aeb41f4786299dc0f8a757e7b26283ddad8efbfa4fa55e92ea91486ebe730c3aa87cca3f7432099016dbec6b2bfd0661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aca05725f7c5b6b8f46ccb345175caf3

SHA1
a9255fa50d22e299dc9dce73a1691a38607e1bce

SHA256
bdea4fdadc1db4b9fbf183d7e557912fa5ecf2023f7c3fef99760a9d0e3b5a73

SHA512
a64745365d03f1e66fb0540905e94856d63c28513e12d3846c93f292faec5f32654b76bdd7fa436459a93f783950bd904a556afee8a3ba1f5ad3170d81480baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
40e1fd10a2ed9a1a18f1d907a2dc6b84

SHA1
822c68c070dd06e618e357e35a9dec0e0dfbbc16

SHA256
5e2009f9c0d94749a0355687897f8b6eb05107e7f1f3057cd05cd5bf9e0d1ee5

SHA512
90125e222ace950e4f1e01c6b248d13012cd92ed67bbd7560eabb4fdc08bec21dde03f0de3f5c18bbe5c09b8ede554408569d8fb26022abb711221fe4c086ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a9869.TMP

Filesize
48B

MD5
f8d800bd9b61284a3f94f4ab50b1624b

SHA1
bbf06c92a44142e84449567f931d0bd9bf4deefe

SHA256
f0127fc83b2811070ac324d244f53b75e79c2b9bb106e700abfdee57fde3e756

SHA512
0b6bc5982439410d260df21479fe560fc044b23f9086daeb3ccd658f5b1b3e2b8581d5a17fc9bd123df425b0416c59a799360795363911ae022afea2f3385a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
876B

MD5
13e019e502dce874fc860a16f434d3bd

SHA1
c0e5127434740641781b9bb97615213000dbc691

SHA256
36b3faef4c6823001c3e16bff3b5c75b254fce8242fef589f3805aafb04aa33f

SHA512
794786d9b928f3e70bc352030cee64676acffa5539670df90f394aef094ad76fd0a51d0d3d886481d986cfe6744bf8832e80441eac9583a4d3e8c6e7d89b67a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
ebfe2dc76cf7517c1520db97cf010976

SHA1
90f20b52098ce95caf9394ab62383ec2014e8b02

SHA256
6f40b426d5a5f67f8356d8164551c6e8a7b32222f7501d693da40da9df251499

SHA512
74eb35050131bcbed85be283113a566d6d3008b203228c41db8ef12b5add502bbb6684a13fdf47ab3233c7808da175cd0d94aa8b63fdf2c2304f43d2ee6cdd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a62a3.TMP

Filesize
708B

MD5
66ce071ccdc160892298837e7ad041cc

SHA1
8c2cbf1811682576376edab45f17152b9363ece1

SHA256
64d3489af038d99d717a888a9845251a0c5daedd1b51090f8dc9f547ea900ed8

SHA512
30e3b57fbea74803ca6a8ca3970e8d68a0696f73ed6f88fedf3d02e222ec43c8a8a7bb23e226712a87c60e7ae437e8d0409736cba2471917a64814d773f73833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e100b5b2-a046-49e8-bf59-0a64732c6ea9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
98ab9763be4829d5253867bf964b7402

SHA1
3cd6304bbd8735d1bc62b2964eb212c561d76b76

SHA256
0358705d6e05347f405b36593b68c9db10ed064a4a81e30a1abcb0f43dcc04c7

SHA512
030717e48a142ecf2b9b88bd0d0b53c7f1e723ad13db47207f095215aee38c39ff1e87b7b82370e3344a6251b3701f9bfcd7e9ec53e6584837f679b42c3b450c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
c426c5d5817ebefbd54b9f6a2706321a

SHA1
23b337e22c33130f7989e8c15c9d80eee4345978

SHA256
457e115f301a9eb850969b2b0198eac3ee5ed795cde2bd11b89657be793faf69

SHA512
2b9af2670a80aa3613365e4ae96358b5eb415dd83d1039146cb04624cfa9c9d01afced42ffa48206331fd1cb8991ccd1872ee55c000bc74a295a6d31259e631f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
12d89217be7dabed5818fee8c94a0fef

SHA1
394c207765ff8d2e4c0ea316c03ddb1e73670df7

SHA256
99cd56dbf1b759a730f029177f86ab0f07282283f63e055816ee327bb25fee56

SHA512
306b6c4f7ac1d28d5fb9754141d2436d326539797e5b966f93fd848052c398abf91e5c1d23655071242866b0b62f03356e10023a39d96ddbe74f86d20b07583c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
8e9dd630fd33a84085d5dba08f1a90c6

SHA1
d3267f84e9cef57f5821958b15c61e9a6ed9f9f9

SHA256
177b075594a60f36c0f4ea952c8f915583e10c0bb1ed2856072b94333e0a642c

SHA512
27766001caebfdafefb95fa44271b968dcba006d97c29a65b97a6333d4e7c58509dc4167eaed76441980146a7a3c3be176e313f2a64d7b4a6153201efc0b1f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
7ff82565fa58978e967b24d529c35e29

SHA1
bb9f6cb8ce404c70a56639c7be9f42e938abce59

SHA256
1e82f74fe6d056bbfa706a75867548e834d17870adf69cf52b834d0079a33f3c

SHA512
5a6bc79aac21ed5f23facaa85507cde10959fa7b9cd717780d9bc4ece6cbef0d299f5f51b29e09f3e16c770d26dd060ea3fbf2d84c513d1ef71c4061fa6d23c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
44b893d31427513b7ee3e365fdfb3388

SHA1
e9679ff9cb5f4e5d97a874ab406711f871f96a34

SHA256
8fb0f3e49a7f8a44006d57e762de9d1788f68d36faea7d0672728baba12fa36d

SHA512
a4698cc27dd9744fa561e1c7cc5fc0befce9d8a1991b9b7172805c98686a5036b312be38de3d8c3d27b4c58255eb7f3d49636e146b73132d2b0d7b6583af9bf3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3f09049719972682879cc55ad5aa4187

SHA1
1f82d0132d7b721ed61e380a08da8b36c0f6df5a

SHA256
d4f7761b7fdd08f525ae7db74cc08b9bbf790299cc32492b47e8300db4f6aa65

SHA512
38f1b5b76878555a1d992a5c5cd7d5933a1040a47b6d604f71a1ddb7f1f7295c22df6c3072f9ce759bc4ad68f39f79947fb51b50b2e7ef72429ba677799a40ce

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\Roblox Mod Menu.exe

Filesize
142.1MB

MD5
c206a489223afc78c07540ee76474baf

SHA1
3f66e64cc50c70d74b246e4cb72fc64c86a65fa3

SHA256
21cd6d2a634e5502cb1b8f4800e55a5a588975ded9cecb3369a565dee97a6f1e

SHA512
2c4bc3a81a925546f25dd2c2e693dc5309f94b64fc274750b8672213f4bae0da2f436a1acbf9c0e8d3947061e9a02cf175b44d1afeb6eb05308bad2418ba7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\libGLESv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\libegl.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\libglesv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app\icon.ico

Filesize
28KB

MD5
e718b557b56021745c64f924972e082a

SHA1
fd77644ba0e3e643fe31a9d8e8dabb43b1741342

SHA256
8b063509b751d03434b657a555a0a863573f0b7261d4ecf675f969fc4abb1514

SHA512
f528be23c02847bf8efd2eb8f04e02597a23aa4fee1e3f62ab35403eb2df89dbdb0695a7b41516ea5d5188d901dd9a1140727cec0e06599533ee578555940fb2

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app\lib\main.js

Filesize
495KB

MD5
d1bbee38f184cd44322a0bbae13d6b7d

SHA1
900c2362ed581436a7e0b5210ae1cc2fba769ca0

SHA256
3bc4df185354269c757e4c31414ded23866a6e5bb880b07e2ba22e1314281863

SHA512
6ca51132ff3e88c97005c626d913d263a9ed383e64803f66a980ce57e92e3bba16b3008b87480818476cde5979efea6bc2c1edb1472517a93d26d1bccb75d0a2

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app\lib\preload.js

Filesize
4KB

MD5
fa55c68c5f0b5a560604becb9df601fe

SHA1
0eeb7a10a9574238d6360ab895c78ddfdbca61ed

SHA256
317ea36e9119cd2024689687aaf927287213b5ec2909bb98c1ae87a01b49106e

SHA512
709da44b05879e4c1e8121e8c818e364bd6167d873529274d9ed63ea1b25a1ff4e9f501f11668a01677f9f610950a44b9fcbef99356d4c3cd9db51619d2dd9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app\nativefier.json

Filesize
960B

MD5
b682af20dca7dea29bb873f88f631676

SHA1
1ca7d911be6893956768106db53c071c2acf736a

SHA256
f656493527494dea144dfcb886f654b88a6f631afb7b3cdaca1782e8bbf54d67

SHA512
65fc734c9edf6adc270905b16c72a42e55f6ae861cf9543134fca81521c291f20236220e3e40ec9d71423f0cd4dcad5cc76152932be75b3af87a6f64f28987c7

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\resources\app\package.json

Filesize
602B

MD5
cd6ebe19e6877a938f5066b77fa912b0

SHA1
9aeed87b6a7e2895a5afbc33c6f6ef6b93b3ec14

SHA256
df8bf90a3a5084509e768cb4db48b6bb68c284ed8cbe9cc1027467d5c791170d

SHA512
ca97c620abc086b30725b638388cb43a10432d6d637279ada29eea5d8f334455ba4173964f743dae6badc41b41285a556095e1dc1c6784e9367d137235366042

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\vulkan-1.dll

Filesize
854KB

MD5
8df5d7efc2d9092102e2a92e097a33be

SHA1
cc9801f6bd7e818b86fe4fb52752eadbdd859a7d

SHA256
8ee6e0d63b89d920dc627fca1af5f19653d51e8318adb064cc4f122576e780ce

SHA512
ee65444dcd37dff045826dc922dcc97ccd44d7ddfe373bcd971ce0facf91e13f3df07a1368fd6c49e63e8c5c19fc2fd669182f688e80d83804c534dd9d10f1da

Download Submit
C:\Users\Admin\AppData\Roaming\Roblox Mod Menu\vulkan-1.dll

Filesize
854KB

MD5
8df5d7efc2d9092102e2a92e097a33be

SHA1
cc9801f6bd7e818b86fe4fb52752eadbdd859a7d

SHA256
8ee6e0d63b89d920dc627fca1af5f19653d51e8318adb064cc4f122576e780ce

SHA512
ee65444dcd37dff045826dc922dcc97ccd44d7ddfe373bcd971ce0facf91e13f3df07a1368fd6c49e63e8c5c19fc2fd669182f688e80d83804c534dd9d10f1da

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
d67ffc290a2214747f3bf29b303be8a5

SHA1
3098a024b36f8626577575d06b6c2c5fffc88b18

SHA256
74419896b40a23aa1ec66d86d593587a51053e7234b1265d608083e083ad1dbd

SHA512
157e2cf3b1e27bd4acc55a84bfeb503f712d512901e1305036d69c1dcfa24a536f92a56c4b6cc3a25c1f60a0222175882469ecb98667a48012ea583d63f00bcb

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Code Cache\js\index-dir\the-real-index~RFe58d1a3.TMP

Filesize
48B

MD5
90b3b1f1792051e3da436c03cfd1a431

SHA1
763510bc2f9eea09a186f28d0db8d881937d11fb

SHA256
a1a58f373dc75c62f717912006d5355ad0856bb5fbdb46fc049e1811a43b6489

SHA512
e0b4a180ada37ad3c66697ac8333c452a65e1c4beb16ea6abf7e2bda5d4851bd377e923b99e8a5dbd4046e4bab85e7132ffb9cdc72effacd7d62c72694857064

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Network\8a255780-89b9-471d-b987-05f0cad08b9f.tmp

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Network\Network Persistent State

Filesize
1KB

MD5
045318fc798c6eb0cd5cd83ac979a811

SHA1
45fcdb66a53e31f7c6ae5da123154070e819833e

SHA256
c9df3cb2283f5b288dbcef77ef3942efb4a899cc2e6ea943b768235b8091fb03

SHA512
098e0ec3a3dbada897f83816ca50310a99966cd29f76dcda5acdbad8f53c86c967e8b6951b55de4afeb8772d3480c2e6491f567a3acf0f0328f377d094e31664

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Network\Network Persistent State

Filesize
1KB

MD5
0e70eb0e5d72bd760100997260d7e517

SHA1
187581663307317844084f629adc3843f425fb41

SHA256
def6ceaef200ef6519efa686a7493b6f2efe0e8fad6550993d0d5d94dc24a445

SHA512
b30b67412e1e2bfc7bc42ba40daa934db41dbb66eb5bd39e9ee9c6afa20fc4c32c1a83138377c1682c4c1a198eed7816636bcf7578f9b819d28bb3947a804996

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Network\TransportSecurity

Filesize
371B

MD5
22a34d0ddb56f516d6bf1d637b050792

SHA1
29370a11c5535994867670c330fd1e9903853cc5

SHA256
f452583fc32ba91f544fb75ba06a7be5de0dff4ea88727bd2e0f8ccfd8e3251d

SHA512
1495c325924bcde983ca67eb43b5768d2379728a41c24bb0599302e1a4ca9fc47c7dd32a756e79e6707ac3072343e2cf06ada5bc2348e5ff950dea0dd6bd041b

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Network\TransportSecurity

Filesize
371B

MD5
bd5f9a0464f48416f718aa45be480f8d

SHA1
5b9923c62876c20479fcb039e9e0eb9da8a36158

SHA256
4a5f5420ad6c0ada6db0fb32d9a03d02429134dd0eefcd283fb5f578a8a505ee

SHA512
c98827432b1aabd904cc3eed3257b9104699ceb5f2c7fe73f087d118532fb3677a370cc8d7e7b38c62609ca0f95bcf88d8bf62cc7656d2b61a5085b35821f0a6

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Network\TransportSecurity

Filesize
539B

MD5
77919fb208a6bb0a23ede052ed70d621

SHA1
5d9b2d1871682a1cd5e90bab7bff80bf2f5caaf6

SHA256
bea44388e2d3683edc848e4546a34a151dd85d43f53c36f641ef6105470413d7

SHA512
ef2e054c9ba5a5b0c0b8322dcda5143f71a9bcf7e03686d4c3be7b373688990e818ba60ab577657a4b407a7acf742710564d9b283f3c14ad85dcbb234ef7eb51

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Network\TransportSecurity~RFe584ac0.TMP

Filesize
203B

MD5
ba14e939cf2f013a5eb858b5975814d0

SHA1
aa686b685482e54f9cc640550934971232bd8e04

SHA256
57d7ec0947b51fe942b1232387d58589757ab9fea5ef47bc0edc76156117d7f6

SHA512
b056b31eb4ae6eb929939961cdb39e8a982b1ee1e823f422a087e4d2335f12495f539b6ff0e9d5e6ad2a3522c873daae1bfac8da20a189748b252c72f6054a75

Download Submit
C:\Users\Admin\AppData\Roaming\roblox-mod-menu-nativefier-050aef\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\Roblox.Mod.Menu.zip

Filesize
85.0MB

MD5
b22c8bf73d1989ea4ad7de1b141e484a

SHA1
5dbd5f17284a2edfc8a51f3b4116055cafdbd2bb

SHA256
e4978edbdc4952f6cc4e148f94e5028e5fd5253134a6ee5afedcb7c732026da5

SHA512
6d52f7097801dab622b4410e41d3b8505b9961a4d6a6853a649aa13b0f3465de065f85aaea966ee7d1c8390789ac0e5035fdc2e6464619ee67e606342e95c564

Download Submit
memory/1192-579-0x00007FFD65640000-0x00007FFD65641000-memory.dmp

Filesize
4KB

Download
memory/1192-591-0x00007FFD65650000-0x00007FFD65651000-memory.dmp

Filesize
4KB

Download
memory/3892-234-0x0000000001A10000-0x0000000001A11000-memory.dmp

Filesize
4KB

Download
memory/3892-386-0x0000000000CA0000-0x0000000000F82000-memory.dmp

Filesize
2.9MB

Download
memory/3892-440-0x0000000000CA0000-0x0000000000F82000-memory.dmp

Filesize
2.9MB

Download
memory/3892-443-0x0000000000CA0000-0x0000000000F82000-memory.dmp

Filesize
2.9MB

Download
memory/4284-456-0x00007FFD65AB0000-0x00007FFD65AB1000-memory.dmp

Filesize
4KB

Download
memory/5504-946-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-948-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-950-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-949-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-947-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-940-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-942-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-952-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-941-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download
memory/5504-951-0x00000146F39B0000-0x00000146F39B1000-memory.dmp

Filesize
4KB

Download