0e78160a0f128bdf85b2d24c1c2b5025b9832761be2c651e55bfd1301a526398

Resubmissions

13/04/2023, 17:49

230413-wehywadb43 3

13/04/2023, 17:47

230413-wcz5daed4x 3

13/04/2023, 16:35

230413-t3tn6sea21 8

Analysis

max time kernel
2647s
max time network
2310s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
13/04/2023, 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images.jpg
Size

5KB
MD5

66a3b72879baa39d00a1a837ef01ba88
SHA1

b8e9479468e2421d2110715adbc260d53a8e0b1f
SHA256

0e78160a0f128bdf85b2d24c1c2b5025b9832761be2c651e55bfd1301a526398
SHA512

5e271585c467fddce82181b62723c821e145d6af662d2f51f963bd1646801aeb0f80cbbe2fc6664aba9181ff7a86f5222406aa4b61bbb6c3c6acc22db3db3087
SSDEEP

96:vd/UsedgMupb+jadUOLnzUUlePBJ5bhQVZuxsLaXt1do7URgqB69Qv:hrdXdU8o/hMLaXt1S7Hqo0

Score

8^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 21 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 37 IoCs

pid	Process
2176	RobloxPlayerLauncher.exe
752	RobloxPlayerLauncher.exe
1340	RobloxPlayerLauncher (1).exe
3264	RobloxPlayerLauncher (1).exe
4976	RobloxPlayerLauncher (1).exe
4700	RobloxPlayerLauncher (1).exe
1272	RobloxPlayerLauncher (1).exe
3624	RobloxPlayerLauncher (1).exe
192	RobloxPlayerLauncher (1).exe
2092	RobloxPlayerLauncher (1).exe
2416	RobloxPlayerLauncher (1).exe
3820	RobloxPlayerLauncher (1).exe
2060	RobloxPlayerLauncher (1).exe
1224	RobloxPlayerLauncher (1).exe
1044	RobloxPlayerLauncher (1).exe
2804	RobloxPlayerLauncher (1).exe
320	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
5196	RobloxPlayerLauncher (1).exe
5420	RobloxPlayerLauncher (1).exe
1376	RobloxPlayerLauncher.exe
6044	RobloxPlayerLauncher.exe
4244	RobloxPlayerBeta.exe
5188	RobloxPlayerLauncher.exe
5516	RobloxPlayerLauncher.exe
1112	RobloxPlayerLauncher.exe
1236	RobloxPlayerLauncher.exe
3812	RobloxPlayerBeta.exe
1164	RobloxPlayerLauncher.exe
2156	RobloxPlayerLauncher.exe
5644	RobloxPlayerBeta.exe
5852	RobloxPlayerLauncher.exe
5160	RobloxPlayerLauncher.exe
5112	RobloxPlayerBeta.exe
6688	RobloxPlayerLauncher.exe
1176	RobloxPlayerLauncher.exe
6524	RobloxPlayerBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 16 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	GamePanel.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\IAPExperience\IAPExperience\PurchaseFlow\PremiumUpsell\PremiumUpsellFlow.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\ProfileQRCode\TestHelpers\collisionMatcherSetup.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\llama\llama\Set\toList.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\TerrainTools\mtrl_salt.png	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DiscoverabilityModal\PermissionsProtocol.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\Analytics\RoduxAnalytics\AnalyticsTypes.lua	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\PluginManagement\allowed.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\models\MaterialManager\smooth_sphere.mesh	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\DebugUtils-fa311043-6c92cae7\HttpRequest.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\RoduxNetworking.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\Emotes\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\LegacyRbxGui\scroll.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Cryo\Cryo\List\toSet.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Thumbnailing\Thumbnailing\CameraUtility.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\LegacyRbxGui\CloseButton.png	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\RoduxContacts\RoduxContacts\Reducers\Contacts\byContactId.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\InviteLinkExpiredModal\RoactRodux.lua	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\RoduxAliases-64af4154-868f23dc\RoduxAliases\Actions\ReceivedCanShowUserAlias.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Shared-d86ebb2a-ca453478\LuauPolyfill.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\NetworkingFriends.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Analytics\Logger.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\LegacyRbxGui\scroll.png	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\Settings\Players\Unmute.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\core\watchQueryOptions.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\MenuBar\icon_chat.png	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\Commands\RBXTeamCommand.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\tutils.lua	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\ProfileQRCode\Components\ProfileQRCodePage\ProfileQRCodePage.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\StudioToolbox\RoundedBackground.png	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.3.4\LuauPolyfill\Array\from.lua	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\AvatarExperienceDeps\RoactFitComponents.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\textures\ui\LuaChat\icons\ic-clear-gray.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-a406e214-4230f473\ReactReconciler\DebugTracing.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\SelectionImage\Components\Toggle.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Thunks\ApiFetchGameThumbnails.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\JestReporters-edcba0e9-3.2.5\JestMock.lua	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\PrettyFormat-edcba0e9-2.4.1\PrettyFormat\plugins\lib\escapeHTML.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\fonts\TitilliumWeb-Regular.ttf	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\icon_intern-16.png	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\PlatformContent\pc\textures\metal\normal.dds	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GraphQLServer\GraphQLServer\graphql\luaTypeDefs\Experience.lua	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\RoduxContacts\RoduxContacts\getDeepValue.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Expect-edcba0e9-3.2.5\Expect\utils.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\textures\ui\LuaChat\9-slice\hello-button.png	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\LegacyRbxGui\_preview water 03.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\Cryo.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\JestConfigs\JestConfigs\init.lua	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\FillCursor.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\Controls\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\GraphQL\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ReactDevtoolsShared-a406e214-4230f473\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Thumbnailing\Thumbnailing\CFrameUtility.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\textures\ui\LuaApp\graphic\player-tile-background-light.png	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\JestConsole-edcba0e9-3.2.5\LuauPolyfill.lua	RobloxPlayerLauncher (1).exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\RoduxProfile-fa311043-6c92cae7\RoduxUsers.lua	RobloxPlayerLauncher (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\JestCircus\JestCircus\circus\legacy-code-todo-rewrite\jestAdapterInit.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Utils-debf4142-0.2.0\Utils\addTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\MessageToast\Dev\RobloxAppUIBloxConfig.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\AvatarImporter\img_dark_custom.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Dialog\Modal\ModalWindow.lua	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\util\init.lua	RobloxPlayerLauncher (1).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	bcastdvr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bcastdvr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher (1).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher (1).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher (1).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher (1).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258773523095406"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher (1).exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher (1).exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher (1).exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher (1).exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
2372	chrome.exe
2372	chrome.exe
2176	RobloxPlayerLauncher.exe
2176	RobloxPlayerLauncher.exe
192	RobloxPlayerLauncher (1).exe
192	RobloxPlayerLauncher (1).exe
2092	RobloxPlayerLauncher (1).exe
2092	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
1632	RobloxPlayerLauncher (1).exe
4244	RobloxPlayerBeta.exe
4244	RobloxPlayerBeta.exe
4244	RobloxPlayerBeta.exe
4244	RobloxPlayerBeta.exe
4244	RobloxPlayerBeta.exe
4244	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5112	RobloxPlayerBeta.exe
5112	RobloxPlayerBeta.exe
5112	RobloxPlayerBeta.exe
5112	RobloxPlayerBeta.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
4244	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5112	RobloxPlayerBeta.exe
6524	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4244	RobloxPlayerBeta.exe
4244	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
3812	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5644	RobloxPlayerBeta.exe
5112	RobloxPlayerBeta.exe
5112	RobloxPlayerBeta.exe
6524	RobloxPlayerBeta.exe
6524	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 4024	4328	chrome.exe	69
PID 4328 wrote to memory of 4024	4328	chrome.exe	69
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4644	4328	chrome.exe	72
PID 4328 wrote to memory of 4660	4328	chrome.exe	71
PID 4328 wrote to memory of 4660	4328	chrome.exe	71
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73
PID 4328 wrote to memory of 4596	4328	chrome.exe	73

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\images.jpg
1⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffa7f549758,0x7ffa7f549768,0x7ffa7f549778
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:2
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4972 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5024 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5192 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5424 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2440 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2452 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5288 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5520 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5896 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2712 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2628 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2640 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6508 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6108 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6640 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6612 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6528 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5788 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1596 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6084 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2176
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
    C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x69c,0x6e4,0x6e8,0x6d4,0x6f0,0x12ad584,0x12ad594,0x12ad5a4
    3⤵
    - Executes dropped EXE
    PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6436 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5080 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=976 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6672 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6712 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5388 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  PID:1340
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x578,0x57c,0x580,0x54c,0x4e8,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:4976
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  PID:3264
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x668,0x66c,0x670,0x5fc,0x678,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:4700
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  PID:1272
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x548,0x54c,0x550,0x520,0x560,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5688 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5012 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:192
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x4f0,0x4f4,0x4f8,0x4cc,0x51c,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:3820
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x520,0x524,0x528,0x4f4,0x504,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:1044
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  PID:2416
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x53c,0x540,0x544,0x51c,0x558,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:2804
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  PID:2060
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x53c,0x540,0x544,0x518,0x550,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:320
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  PID:1224
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x53c,0x540,0x544,0x518,0x54c,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:5196
- C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe
    "C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x51c,0x540,0x544,0x504,0x548,0x121d584,0x121d594,0x121d5a4
    3⤵
    - Executes dropped EXE
    PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=4520 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:-QQMNYLyV5EQ-9hXRO8QAeNn_izYV7L5uhZLx0FCZWxcu8tZc8mIAtW28qqANzmpRcfYPoU7FQdbROAP6SFgIEXQhQgs9FD513dCc-8eOpetoGZig5QGEvxKbXi_D0ws4sg6UBf0K-EpgUnLsbNmmap43GYZ4vh8DbglRY-i1icOHCYbCaCQAq5-2_GdhyAIuAuDiJMtxsIhM02DkxYnfTl9xRSSB_S3nqL0t5-vfUY+launchtime:1681404146442+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D169069674620%26placeId%3D3101667897%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8d296b65-447b-4027-863e-81922a4b7444%26joinAttemptOrigin%3DPlayButton+browsertrackerid:169069674620+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:1376
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x66c,0x670,0x674,0x64c,0x3a0,0xe5d584,0xe5d594,0xe5d5a4
    3⤵
    - Executes dropped EXE
    PID:6044
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe" --app -t -QQMNYLyV5EQ-9hXRO8QAeNn_izYV7L5uhZLx0FCZWxcu8tZc8mIAtW28qqANzmpRcfYPoU7FQdbROAP6SFgIEXQhQgs9FD513dCc-8eOpetoGZig5QGEvxKbXi_D0ws4sg6UBf0K-EpgUnLsbNmmap43GYZ4vh8DbglRY-i1icOHCYbCaCQAq5-2_GdhyAIuAuDiJMtxsIhM02DkxYnfTl9xRSSB_S3nqL0t5-vfUY -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=169069674620&placeId=3101667897&isPlayTogetherGame=false&joinAttemptId=8d296b65-447b-4027-863e-81922a4b7444&joinAttemptOrigin=PlayButton -b 169069674620 --launchtime=1681404146442 --rloc en_us --gloc en_us
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7028 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6852 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6840 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:oPIkt-PYmPHM4KEYW_tbcxrvfM95KRM_MUtTM7Pz8uHvJd6PcfAxYXl3ZKl5GfIz_8R40Wy6APtHDxl4eenBaUsxJ_wvw9PEWyB_Yp1KzWQmVQS7fhcgYO_ALY3skOj8qSnAaHlNDsyn_zbiMW6CO9ZI6kAV3A4OFpNNtSQqpI6DwRFZ2n1uNj_0QT02CVDnoasDulhtmHebEuHiUiVRZ-Zr3ERQGY2VLuMsU8OAFpI+launchtime:1681404170648+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D169069674620%26placeId%3D3101667897%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D63d8339c-bc9d-4094-bfe9-7ab072ae0daa%26joinAttemptOrigin%3DPlayButton+browsertrackerid:169069674620+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:5188
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x4f0,0x4f4,0x4f8,0x4cc,0x51c,0xe5d584,0xe5d594,0xe5d5a4
    3⤵
    - Executes dropped EXE
    PID:5516
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe" --app -t oPIkt-PYmPHM4KEYW_tbcxrvfM95KRM_MUtTM7Pz8uHvJd6PcfAxYXl3ZKl5GfIz_8R40Wy6APtHDxl4eenBaUsxJ_wvw9PEWyB_Yp1KzWQmVQS7fhcgYO_ALY3skOj8qSnAaHlNDsyn_zbiMW6CO9ZI6kAV3A4OFpNNtSQqpI6DwRFZ2n1uNj_0QT02CVDnoasDulhtmHebEuHiUiVRZ-Zr3ERQGY2VLuMsU8OAFpI -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=169069674620&placeId=3101667897&isPlayTogetherGame=false&joinAttemptId=63d8339c-bc9d-4094-bfe9-7ab072ae0daa&joinAttemptOrigin=PlayButton -b 169069674620 --launchtime=1681404170648 --rloc en_us --gloc en_us
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5320 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:Qef0TFwLNJq0s1kEXdnnJ-ao4YrUYjz_aDjVb4Xd6V62vx_qSI-u3Z_TDXUJi4kwMlHGjaEc-dSaO7Gbb-w5M4TyzADISuETmbB2XcSJPCXPm3vYbZltvary5MEpylg2M1N4yluhN5Fe6bRKK0Ll8zo2ZKrB-CI388hx-HPsuwLeKM1v6jncSotkF4lnvXnyk6D1RQXPAtOzjMLgFtUIbPNFPfNczt9vqCJEd6NkXs4+launchtime:1681404178054+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D169069674620%26placeId%3D3101667897%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4e6fc073-c510-455c-b555-578eb007ed7a%26joinAttemptOrigin%3DPlayButton+browsertrackerid:169069674620+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:1112
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x4f0,0x4f4,0x4f8,0x4c4,0x51c,0xe5d584,0xe5d594,0xe5d5a4
    3⤵
    - Executes dropped EXE
    PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6208 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4960 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:ZbbtL8Iljso1eRnUwOui1f3hNnjihMKUtYH6WQQshimDbbgYH5UzAgX1qAR1LkJnQv0MYjDxOFnKyxsUklk5EMIkXIT8__UcZIkw3bGuOHUtF4Y_1y6zW-0pYa_6OtBZVBuY24WWTQc1lSjUF8ODGQHD9xuh04VWVDAODJb-0JxpEHguoK_TkrUI_MhAbseVQnjAtJvB2QCmfQGpP6qMvt1LcYGHTph0iwH7ysrLE50+launchtime:1681404178054+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D169069674620%26placeId%3D3101667897%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4e6fc073-c510-455c-b555-578eb007ed7a%26joinAttemptOrigin%3DPlayButton+browsertrackerid:169069674620+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:1164
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x4f0,0x4f4,0x4f8,0x4c4,0x51c,0xe5d584,0xe5d594,0xe5d5a4
    3⤵
    - Executes dropped EXE
    PID:2156
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe" --app -t ZbbtL8Iljso1eRnUwOui1f3hNnjihMKUtYH6WQQshimDbbgYH5UzAgX1qAR1LkJnQv0MYjDxOFnKyxsUklk5EMIkXIT8__UcZIkw3bGuOHUtF4Y_1y6zW-0pYa_6OtBZVBuY24WWTQc1lSjUF8ODGQHD9xuh04VWVDAODJb-0JxpEHguoK_TkrUI_MhAbseVQnjAtJvB2QCmfQGpP6qMvt1LcYGHTph0iwH7ysrLE50 -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=169069674620&placeId=3101667897&isPlayTogetherGame=false&joinAttemptId=4e6fc073-c510-455c-b555-578eb007ed7a&joinAttemptOrigin=PlayButton -b 169069674620 --launchtime=1681404178054 --rloc en_us --gloc en_us
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7136 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5116 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5052 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7160 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2620 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1628 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:wVp4mfxntfCxC0rNeegWv46hnn_Gih_IZlgoM6PELj7j2JpijVUOhtEwLMn83IEPCV5yrHQ6vPmdhrzTvjUeEyWWuJrUAerNYN-5NLHOHLg5e1BWg8G3iL1B3B0_FlmvhgZvkXg-07LId8D2ZqcirSwBOnVH53gw2aiwVdZ2_eYxmNA9xAouHY16AU_zeABCcPakQq_hYNnt92J3Z2ippTj7ny-f9-2p6tNnMPxJ2hU+launchtime:1681404205445+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D169069674620%26placeId%3D3101667897%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D998412c1-c7e0-4de6-8a93-b5a3152b0d18%26joinAttemptOrigin%3DPlayButton+browsertrackerid:169069674620+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:5852
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=zflag --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x66c,0x670,0x674,0x5fc,0x67c,0xe5d584,0xe5d594,0xe5d5a4
    3⤵
    - Executes dropped EXE
    PID:5160
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe" --app -t wVp4mfxntfCxC0rNeegWv46hnn_Gih_IZlgoM6PELj7j2JpijVUOhtEwLMn83IEPCV5yrHQ6vPmdhrzTvjUeEyWWuJrUAerNYN-5NLHOHLg5e1BWg8G3iL1B3B0_FlmvhgZvkXg-07LId8D2ZqcirSwBOnVH53gw2aiwVdZ2_eYxmNA9xAouHY16AU_zeABCcPakQq_hYNnt92J3Z2ippTj7ny-f9-2p6tNnMPxJ2hU -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=169069674620&placeId=3101667897&isPlayTogetherGame=false&joinAttemptId=998412c1-c7e0-4de6-8a93-b5a3152b0d18&joinAttemptOrigin=PlayButton -b 169069674620 --launchtime=1681404205445 --rloc en_us --gloc en_us -channel zflag
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5516 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:5Ow5U7EuFI-vTBftb8d9CDP9Ud8eSlM6gZZ8KhEnHLJmcQorcPHZDliCHZyL5K_9fCdecICFhSMzUpUmW9HL7WYqSaz907pXOeEHHvG8JFPUAtDVWrpLVLVXZ3lP92jH8gB2mDhRg7LGPwBF41LV6Ky4e3Hj0Xfm9wmQa4J4vF6mxxrupzVQR3AUvJh_0MvTnimWFAnoXqcl_Z21Gyp3LqO5utwA6w5gmeXemmTTp-Y+launchtime:1681404276229+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D169069674620%26placeId%3D3101667897%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D1da79005-2cc4-49f4-bb9d-7b8be595aa73%26joinAttemptOrigin%3DPlayButton+browsertrackerid:169069674620+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:6688
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=zflag --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5ec,0x660,0x664,0x394,0x66c,0xe5d584,0xe5d594,0xe5d5a4
    3⤵
    - Executes dropped EXE
    PID:1176
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe" --app -t 5Ow5U7EuFI-vTBftb8d9CDP9Ud8eSlM6gZZ8KhEnHLJmcQorcPHZDliCHZyL5K_9fCdecICFhSMzUpUmW9HL7WYqSaz907pXOeEHHvG8JFPUAtDVWrpLVLVXZ3lP92jH8gB2mDhRg7LGPwBF41LV6Ky4e3Hj0Xfm9wmQa4J4vF6mxxrupzVQR3AUvJh_0MvTnimWFAnoXqcl_Z21Gyp3LqO5utwA6w5gmeXemmTTp-Y -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=169069674620&placeId=3101667897&isPlayTogetherGame=false&joinAttemptId=1da79005-2cc4-49f4-bb9d-7b8be595aa73&joinAttemptOrigin=PlayButton -b 169069674620 --launchtime=1681404276229 --rloc en_us --gloc en_us -channel zflag
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=4388 --field-trial-handle=1848,i,10038284248983954835,6634548395528873624,131072 /prefetch:1
  2⤵
  PID:6772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffa7f549758,0x7ffa7f549768,0x7ffa7f549778
  2⤵
  PID:4816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4
1⤵
PID:168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6044

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:1276

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 000000000002034C /startuptips
1⤵
- Drops desktop.ini file(s)
- Checks SCSI registry key(s)
PID:5676

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Checks processor information in registry
PID:6120

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:6928

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000601D8 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:7008

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:4392

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000501FA /startuptips
1⤵
- Checks SCSI registry key(s)
PID:6388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
3e1634906e576e71becf3b0084f3821d

SHA1
2fec3414a7f154e7166212bfcd0cb300fbf1a846

SHA256
c041f06838dc23831f5cda5e27ed0702f377df774ae03eedab0d8468fa902eac

SHA512
e084c0e0862952db7a77cef1c6a8d6ad647a61058ada42bae96c8c7e36ec417830a9b26f370f95a271db623cc861ab0f9a3f26f793478dbeb3b706e28370007f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
1KB

MD5
4739ab877568fa16a94e2c8e35bc53bb

SHA1
9ce12d1339f6287d8e1d48871179b9504b05247a

SHA256
4daa0ad1ab9ecdb25ab990528a7db649064963b41d5c2023fef0ab70bcbe7b3c

SHA512
340bb1e65d4e54936bcbb58b36828d10204e7fe69b2397c5e1d86267867396053b32977d029185fd94de0ea9c5139b7295f08677b052a40bc16a347a019ec67a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
210c7521775d6c39ae9f99363be77a32

SHA1
7a3b854a2dc6300e0fc080f58095f52447f70887

SHA256
79af567cfeeb84a290f63d08bdbcb7a26e41ff27b69c3695834c2c51818c893b

SHA512
c84e853a2edf9c87e4e54c20180781793be170624f64ea84e427a6d02a1e0cd05bcb5fb8e3f188b24acdd02916cc0a4bb8b2d75b6816b2b4643ebe819f5810e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
3a2aac186afd103cea9660128f729ec1

SHA1
ae310ee6c389c6eed21b39d09e9757bdc9031a5b

SHA256
9d3b419bff5856a173624c01aa5f098460153136a972806198d70561842c636e

SHA512
1a7685c282f9a132fd20af444fff9572c6e83475c0981c1dde7fc772662953addcaf22a60224739e523fa6cbb1a66c93468be5e7c5f480bf8c9fa70235cd5061

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
65d5b7cfde02076f2f7f765f0f271ee9

SHA1
d30d8c228ffed8d99373cec01678bb7ec572aa10

SHA256
4198d500d1065ea3d6a7ea0b4814418f6e228762295e35a53440df5d6ddbc88a

SHA512
8181219e6668bd86ccff492b42b7e0b074149e0a600d4ccf52c58c9fd07e382c52b74d0c34d85deaeda5ae84b31161408ced9708f309ba339fad4064fe5c3ca2

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx

Filesize
96B

MD5
b8103cff5ff17476e28744770a7a8104

SHA1
8cef04bcc6fd35d9b10194c8c71b8162c392dc97

SHA256
f8092b0e1985fff05d3ea09059cb16a2bd01f47c13355da3d1e2dc9b7a218e8c

SHA512
e07b4d16f14d0d3ff7dc30d28b6f30044dcb87bb818347e8e8f763ce43f340e96f791762c8ff338817ca17222f4f8b79e2dff2afc381cacfdab9ea0ee781d234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
115KB

MD5
a5b2f5b93629497b7cebe82688cf35c5

SHA1
c3bee930ab68b2ed0412a04effa2adf38aea2e9d

SHA256
a54961da6db466c13f68ae317a62fd283f335b6559ab7482e3d3510577ea6d45

SHA512
e4d38a1cb47bef6ee28fe10f625a70195e995acbaf6febe5fd333f77291a709b253fdee9a9127a8b0d4e040b90751cbf16da05c6a99eff6e2c955d540889bc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
61KB

MD5
a57bc25c317519c06f915923f877a9ff

SHA1
f1eb134f66f6d733660dcea9973582d8b619a772

SHA256
861dee7048030c1aec8994fda4830eddf258ce50dc4c518268741f4587818df3

SHA512
39588efb2a1913fc4306e86b9f5520d95568d3612d1415793c4d22befbe5da091bc1565c221625c7724b6c6a0cdb5085656b2ab28a5010019331b8e917d9df4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
549KB

MD5
2dfed8ad37fe91bbdf0d8ff475d13bd4

SHA1
a3e503d859850c03311d8bca8685650c9db0f427

SHA256
b358b98cf14908578689fdb5e71ea247e5ef25efcdcb0a845d7d42f6d2ab0bd9

SHA512
ff5381a150f2ab965abe0cb5a5c26bc8db55b402ccf6c8976b189aab8805add3a4d173a1423d7312d235e0f7de9f6ddb62a9e3ed60409e532766e3ebc458e623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
47KB

MD5
3c47def4ecccdd3eb543e12ca8a4a0fe

SHA1
a6fe31df397de6bb8ba6f219c62854d60a1369f7

SHA256
5b1c9e65aa702464e1ec078890cb075a3453d5bbf8a011acc08e8f5a5dd8f2b8

SHA512
d1122930b432599bb33e6d0d62e4c77e009e91d98d106245fa8d69a0b7661a773b25943d2d10a5add1abc4db942b4d652290d810ea2e54625801bed4ee2c5cff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
34KB

MD5
9fc743c01d03305eb6f90fbb1d05bf29

SHA1
fcd7ece9c923af637e1de229ce366f7f8c175f8c

SHA256
0d4fe4883e0977a1532ecaba6b26b297a64d9344850a52d5347acf9c685db10a

SHA512
8bf385a6bb780347c510ebd1625440fefef9c92d5207e07f9289118b0c6e7edf0765b7c0460d5c27ff4b941a47f2d8543516df327cdb4937873832a31eef9532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
85KB

MD5
1fa0b641723187e02c3518143d9aaa3e

SHA1
2f1e92825eb8dc65d1723c54158637c475fa2665

SHA256
bf97340b0c0829595dd3c59ccf3e4e67a63277e256f114fcfbf4c35a90b5e3b6

SHA512
0c8c93bad14c07347ac59923e108313a89d31e649aa2f1eef10653bdc6cbb3f847c20cd0b4a59abca9b8afa034809a1d266bf71869bde47ba297705196f0d696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
28KB

MD5
59a2232411cad2bd678ed0c64b9c31bb

SHA1
6d0e5e0ed0d920d696d0820accb434943bf59e43

SHA256
b270aee3184ca073fd42b81b0d04aed8d350cc5cd3d59f37c89f20ce0d17b8df

SHA512
fa353be948b43efe7b7fe9bef96856f78eedc33a48abbc24ddf4d9a07b29f3ffd0d371950b81370056cda39aff2787c903ed1907e603f4941234e89f98020c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
37KB

MD5
a0c16152fd12ff102282ed3c2683f415

SHA1
8a258b742c5641a4a27b62c53899df03ead083b7

SHA256
635fa6c6e5fd31f463ab4d56c4c9dcd92326eedc7aef28f728374afa7d710fec

SHA512
0e811c9e84f3ed08e8cf515708e61a8f60a9dc4940e313f71eb2f88c80568d173f9e73b869dbc3da5be2a4ff77f27b54fdfebd1d8b7d9ae0c297a748418fbebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
117KB

MD5
044aa2968817aa931541f010d683685a

SHA1
8e9f3f4b305056e5cf2925f17d4d02a909757edf

SHA256
6907a6a7336439e247477060e5f5472364386f5151a7487519076c71b8be1b3a

SHA512
dd70e489d1fdac8c84671d09396f990258b04801dd1e1aea3454b1ae78e4a51a1e8a974ade09cd565ca9bed3ff71f9b384b571c6c310c3d0412ff38df566bead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
65KB

MD5
17b9176330b56ffd06aa9de40790435d

SHA1
f7a5db423973aff04817fd755226e5ef11f496d9

SHA256
8a835a6f8a8e6df4227f03e38e52e32db0899460621f523a4c750e95ee64cd4f

SHA512
4708c430f728056d15c4addfca989227384bfc7b1fc2009e19ba76320748025be06a96730b6ccf2bcdc20a287106f5e284d0594b14068128f68186c6e2251c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
49KB

MD5
cdf98169310b1ed09225bccd3746457a

SHA1
5d4c3d968659b81e01bcc065116a10a8cb188554

SHA256
76934bd9e59a492be189121fc4b6fb68a426b99ba304a1f2a8006897b9640e20

SHA512
5d306fc6465d0c024e49182212ebfb2a0cb60021a75208d23115faf87ddadb440f7df19e12e1b768c1a41416d22299cada355cd4aee6bb6330f3eedaf4396408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00011b

Filesize
61KB

MD5
17208097d7cc08d10f91737abeb62146

SHA1
5e9d42af62f3ac6e0ee08812d44df3ca388b9f9e

SHA256
cb767872672ded814f98d3e9ec2954d230a89305979090711cbbc5d2d5584af0

SHA512
373161590db2709f0968e604ea8d5cfbe2ac20db9f38943ef46b741b6cfde9b8a4bc9a3ebe14b817472bc4a26c65a026cb61c72ba3d9cdcc9e30739fe379bf2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00011c

Filesize
50KB

MD5
8ef8a0a15de5ceefcfff9f289001a6e8

SHA1
410d2fe5f4de1c8552e4a3e4c0dfa6d9790d6395

SHA256
403be72015dd12ebc6aa50d74033427e6364a43fe776713cce6bfdd9f3678b29

SHA512
427c94a8a52bad2eaab941d7af10b569e5373987a0c0f7f4a205c820e31dbd352d426ef4895e6673f7b96498a235640c5b365500ca48cae05de8af41e62941ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00011d

Filesize
108KB

MD5
f1b8ada48c04b972e03b7db420350793

SHA1
4cff1ed662b7652292262ec03fe2da763835aaa5

SHA256
02c3fc4236e71cf21a25ea5b401f8ebd9652c6d67432d93325d56b5de37606d2

SHA512
c92239f4645350e7a1959b06798f243425d3119bc014ddd0511c987a8b2cbd50770b929a4720584b23f3ec6beaa7eaeb7b783dfe8be1c2a90a779472b6c7102b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00011e

Filesize
619KB

MD5
1dcfe390680c3d16b44191cf8ad6aa7f

SHA1
41510e6e22e8e6d8a377c6a3a027949736075400

SHA256
39632e2b75837086d42c0b477667182de20acf6840dc61b73351f468ccf8c02b

SHA512
0375bf02c52e96315d1cbd47903214bba73c0db808764d04ba2b91a90e7bf1b8e6eb9ec950b025acdeef590eee1707c8f888501f8e5b6186a3befdf4d0ab4fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000129

Filesize
990KB

MD5
c94e99e74ffbd6279daaea3be169157d

SHA1
9591ffc6a468ba002b97f3af71b6bcfd52949d47

SHA256
5e7b4282499f89ca8bbabc05e9cd9009e6afb08f16ecd359f1a60d7c20d5b239

SHA512
f00e44458833ecb5b739a0e5762735324ee9a137d9fe3203a74cdfdd36630f772948d845bda5781b49082a17dcbfd051634fcd4a596752b30c3d96c9339d8b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b56225fc7032694a_0

Filesize
268KB

MD5
376b979ed3cda75804ba522eb6df1815

SHA1
c2ba48d3b9285536daabdf76af9f81c594d7f581

SHA256
24a19cdb46c38517d06569f720fe488a09300d78a186ac6e1878c910f430b3e1

SHA512
14952e5ed607323f09531b67d0c96146f97ca27f2aacc2b7abf86db98c5631100067fc2c3280c7bf80f4ea7085249965fe3a8f6994fbd5630ae071ae7cd0cd60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d1a26fbf284eb729_0

Filesize
262B

MD5
70334f7919f3ebf9285fc016319d2569

SHA1
06f87770092e0ef9e20e16d1bc46666f6643fb66

SHA256
f757bbea5ac98862edf895e952db9b84a5ca3af0d30e4598c017c5004706231a

SHA512
b7638fdcba3838a6e8bb8ecbbe7cb6d6657d70bc9f0a015357212839345499e3dd5c62daff0c819cec5ed14c8a7dc3a6176f8527c2fe92a2aa8a65d551713a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3c9cb8d865ceb6a6d46a8e1f54226324

SHA1
ba41a1039f0ccdbcf3825be18128daf2104527d9

SHA256
d14bf073eb710672a449359cdb44f20f616079d529d6b8df21c58e56f3385b68

SHA512
d008638833e5d30aa10d73cdfd2ab380a862b2966f50a83b50472b6bc63b5fb6d72d202629d779bfbc6607669a40e611a8926ea5cf0af4002a257525f14b1680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
e99226e6dff9e5fea800f651fbb19f18

SHA1
52b394a47bf2a96a126ca01b39041d0b0c1a636e

SHA256
4605fffb93cf99895d9597a0c703a43d44720f8eadbb49630226b6cc296571f2

SHA512
dc9e3322c251d3cc463dd4732bfae70cc153f62208816962927ff5cb4637460ef314d01c76c128f0954002071f54d9411811a2c8a521da25275f72f08a22a763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
4c69f54b19cecb3ed1677a0abf8cd8ce

SHA1
020d08d8ccd5218e767bc78d022d8d4f40bd9f13

SHA256
3e9b4bdf83770f333f796999feef615d2b6d3e6de158a7d9289159525425b304

SHA512
a7068eb8b1d79fbcebe5fe56428685a36ab3908cb9d86b7d1059bca10f7c9a25fcdc05998bea6010afa066d32af461c1ae71d9d769cedacaffef5eb2ec0002f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
83f0bb3d9dabc194388f64e26abef6d2

SHA1
bb0a5f7ca573a9fa09bb80394b22a5636ff74720

SHA256
45941d8ae9e9ff05ff5046b2fefbfdb7e09af551548215c708634a7436250250

SHA512
d078e08597b36bbd18d7be03c50a646404873168168c6a01d452200e7c170588d66a1e5d62823de445dea5e991209aa0dc4b58926c8b00ec97cb222901894096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
9cdf10c336b75db6a98ceb0dac1ee10e

SHA1
c7682843b466b03ef2949520060e3548f38e32f5

SHA256
266e6035e5a8d5b829f9beadf3289333f3c99314f999761ec5f6c05e0ce672a3

SHA512
554d4020640b24e302990e32a656feb26c611e52f308f71a12db1ace87a202dcb8098e2339d1226980ac65b87b026b181ccbb8c44d617dcb5e8c97c77d77d62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2a56dafee0e9d6170e0b54a7febbe9fa

SHA1
6cf55520dd345829949667cc18246f58e5b6d710

SHA256
6739e769fb76acf2dc4199b9410feef687de69a727bbf73a5807e1b409799a8e

SHA512
367093412cde045524ad3d633f9e82e686ae03e421dcfb5a0ed5968e44e525b2a5ca2c84533bdd7b48976616969132e3dfedddd14212c0a7650ef4cf3b480304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
8f5d05c1a0630273a38bda1fc89067ca

SHA1
519d550bb7bf62434e674681b92ae249b5db35da

SHA256
e4bf6f828a3304d51c1cc2bec5abab9af7abc50ba6f652708a742cfd21987360

SHA512
3a8a5d75f9797436b7c8392113fb6e98ed586274ffa4281a6f55aa1e98172aec38f045b345733d0429e67f082213177f37efcafa25fc02c4954777a80e16264f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
c2e9196fbdbf4324890d01b5913822ae

SHA1
77f06da0ff2ba12eb54c435e4ffdc02fab49364b

SHA256
17b4217b3744c4aeba33e6bb35bcd28a90543705a6030f903e20665d3e674c17

SHA512
2b4754851fd6aaadbb8139b25080989952a2aa5cd6c9424477248935707767940c6998170509754ad8291f70b20cff9a84e1e13fc1d186eb7a474c5b0cdf8317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
093b4fbe5910ddb8fdcf1fe2c1363047

SHA1
4c568a400572e7279664f26f62e05ac61804a866

SHA256
ac1949664df99959c7a56ad25c7607e4debb2be06a915a2e544d8c056c9a9b7e

SHA512
177ccab815971ed097df02eb81f53c562a749654a948d800041cab365293d4a5454687cad0fc02d0f7218a930e281d6cceb9b27d5d80c74b9f0937f1cc45e39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5ab0e2.TMP

Filesize
347B

MD5
7fcbd98c661dc8d93ae95d15db52d892

SHA1
b0083e60703f3514d735dcfda25e590200243042

SHA256
3f2f0fc559a36e6ec6566ba75b7956762035a9d07115a7dc3095293bdd7cc2a3

SHA512
4d20d99d67c2b971fe6fb6ee942b0ebe7c878a242d08ebfa9404bc9d0fe1433d9d960b29b06f0311927199855385870f85c230b4d33136ee2b79893d06b04f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\255281b4-dc19-43dc-8717-c05d923509b1.tmp

Filesize
3KB

MD5
1756b1138df81148e028ad3874582130

SHA1
27753daa0242625e35482e0e5615f0df6bb12575

SHA256
9729206320fdeaa7649345413f64c7379346ca35dfd066709a362e4ac1ad1c28

SHA512
9a7ff456586fb637fa58e2a29f91989f5f749132f4f4697ab043be479dd04e33f3330642053fe62405795fc68778130709045192e2b0b995e42c7468bb12110a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
095b69848d5c39b149ede856c3712d10

SHA1
d5d4d52a577b1c7ac51e8b4d4842da5f4902bada

SHA256
c4d9362492b3c2de92a4e9bdb05b756da5c35caf34bf9471bf70d7bd651b5932

SHA512
d140391255edce243208f3e6182d9879dca4bd1527e9d30a86a91a5bc423f775a386e7b7f901bbbd5bd14c28efdfb39d9b110cddcd5d176fc03e8eca0f79bf92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e70e3f47b2060d59ee3fd1a44ebc8d66

SHA1
df7a9da39ad48c14fc0ba7117aa664af229237b6

SHA256
5e5c6b2c32ddd92738d2b59e883b1746cb81f052bc591f0cbf3479251a9b4c96

SHA512
566bfdb50676ff33dd86cdef3c2913da5c419fe5a4ddc211747c6d962a06f0f08e9e7f7fb752e41c528d7afb02305e67a94d492a76257e90b7a610363f4e6a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
02c38c41a7ac8d462ece36d8ac0bedf6

SHA1
21bbf1070d67f76d98fcca05d0087dc524a08961

SHA256
14f050a48cb5ff90925b0646a493e52c0c9f269c253ef3f34419171e6a0786ea

SHA512
cf8ea78f4e4756076d54d6c22c76a9b6f53380dffe9c44ca5cbada1738eaca2993b0f168b120f431600db90f993199d09c2822c639d9e43d3665082d080f9fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
49edf56350ca07fa78eb77825efe20e1

SHA1
5714c300ec6193a75e0861117e0754d30f521a20

SHA256
327a0f9cb277736750994cf43e52d911c43631eb54e7e1a851a4c10590a80416

SHA512
43d5eb520e6f0fc166ac7c2004593358b7ba57e877698dfe0153ca77b4d3194ebe6a118110bd93bf2869d9571c2ac751152dda84377bcd6aeea6f844feb21630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6f9b779d1fd9c43989f392e2421f6cbe

SHA1
588be3cf0d1d051e175fa947a5e650aea5e175b9

SHA256
ab38182a556dfde46b41879f7a7ba8e6dfe4ec1eb80479caf5670c4ddc16ddc6

SHA512
2674e070a4c6886784f092344159aaca7b29d7e68c83465da20ba1e8265ed9732a68e23c0a2211aa9cf17726a99ae5ca8d0f00f6991013085025d21ef7c79229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
e97e522ca82f173da7cea1b69bd11af4

SHA1
7ad7fd6a63ba863cf305131950be9f54de9f5348

SHA256
549ccb08c4618e26644bb64fc5a5e8a25dc6d4a0f24d607c3dfcebeb4c411e0c

SHA512
088b700620d8c363ceef0b0b5d5061812610d901429e0ebba33be0b65024209c24107e998d2e8bc0a8df0b8f62273137583fb68e3718008b150cabff085b2f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
13072cadf160068ed4e6e78403bbd0ef

SHA1
e8c49d45170b87bd09e6110a67ed0c9179fd3c33

SHA256
5fac99cf0727e664214e81eef9bb64052cdaca2a6decfb72dc3614adf76f263f

SHA512
5956e6750026180961d6465907ce0245be83907a58479833ee31d0934bbc27abf935c0b69063b77b1b05e9fdb32734f8178e782bf690791b6166ed9039b592c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c1c1e97780388c14e9de1b3356cfcdbf

SHA1
b5b545f6f4ed2c1c178357aaa91ac611aef876f0

SHA256
0bdc5a5c4d34435d6ec6357815d321005d575b98483443bcc204f29c6ab29137

SHA512
1a9763aed4eace35f97a228b3c59a1eb915e552b70a52569e73538853d1f369aee86a2d022ec006c8e6086c7ae97138d76ab8e95865148c9cdefc320b6e782c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5a11b026da78a16cfe4d53817cb15102

SHA1
68e494afc28da125807075d67760d98fb0e80d3f

SHA256
404ad2677eddc1a2053dc5d2d9a68355399776e0d87206f67643bbfe44b5e181

SHA512
c6393593c5d835014152898c53c117d9be487bf2c5b700cb51556cad5aea32c69b28187d7e7cd536ec612e0a39970c9a617e868401dbf278403366ad3ee02d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
40d88a8c3f0c66ec63b85975d4cbd58a

SHA1
c5dc6702c7e7490c5b2ee1400e92dad5c768422c

SHA256
34cf561dc83898e87e51d4b71265b75e68474003b79e71242496197abaf69a10

SHA512
041163185e2ff11ba0b2b5a1b32047d69b9a4569a04d69e967ad8f45e707aa20b853647dc1a399c78fe2e428fbb629f3c3eadb7357d2f70e5c1f365a0367d635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
bf9c0e77f2ced20e5bad61611c3de55d

SHA1
85b5cdcd90e905fb58f23835dcc3365cdf9d730e

SHA256
16fdb4fa3204412722adbc02d2c1f3e81d37093511451040bf187b9f87a605c0

SHA512
abbe6afdf49d2ac9b4d2e628da67193c8fa48a80558636130ba8a306ce3aca05d7b86ea2bd3169784474d456d22ccd5dc673a6af44c6c7cdc0b2899edbe2a5a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c3b86df2fe1c6e2c308ef4ddbba84d11

SHA1
12aecece35ca1de1077acc4491e05675c7591944

SHA256
988637d3d64c9a552c8c8df4673991c345b23c08a48a2d452d8ba37c3c92a2ac

SHA512
4b4c455d8b13cc5730b1172917672bb9383be9b744577e33e469b744c6ba547b933df47f2d299ddf56964c100497c33382b612b46466fc63cfde30d824d8f58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
279c60672edfc3f406a0fbb30af9ed6b

SHA1
08a2ad762ea903fa33c66a7733c431cdf8a629bf

SHA256
6bd8f6c24617cd3c916d9f39c5edba4d05cbc241826af8160b89cff8843f88db

SHA512
bab2aaa497250842e0caef5fe46195ff96daf181e0a498ef87f93322e726cbf95eabca2d600c2357a7ed35992370d3b8aaca370327762c4583e6e5dd7c5d0ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
96075b48c4e2cfac3735c80f356c8537

SHA1
b1e4c940396e8d300b2e63bc1fb33b87f51ac302

SHA256
efdadfc5dafa67becd4402b87401ff101c64f81c61112743aae0de6f5a119fb6

SHA512
9ea0741f3e31aafb54e0e35d44dbe11b91fb472c87c2f7f16ca153ecb119d271db83d4e0093f795cc3f5f6ded3ae3257398df59512e5fcb1586eb4a5625bc015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
741c78e69052a8385559685bba09f968

SHA1
ad819a3ab358bd5c20637c02ceef3df313133afc

SHA256
b8ad39f050bbb62e59689d849afbea1a795bf8c923eed9a4c8c904b21bbb3572

SHA512
b70dff5dc3885464390b6ffac89bf8c5861491ff09cdbce9f62391524fb6ea13fc729ebe1bb6322049d27c31071ef0cfdfd279d7b1efe5508ee7d0894acc33f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9bc13464d37b9b4f1b3be6e61a92ca54

SHA1
35b6a968f14b52f0980b3e933c1bf4e7340d8454

SHA256
8698005710ecf6b9008a938e2c6f77a31f88682f9628e53243c1373d97e124e7

SHA512
b85d654e1cb7e6431c91cb01ce4742cf1106d91d478584579f1f285c61c4338018e166dd9cb2878d58ef55c665ea5bee0c257e8a657ebb8357e2755052bedbc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
be5ce9e491ae88f050a133123b23fe70

SHA1
64fd67972ee278c2c2697fa9573744e0ecf7fb18

SHA256
27d0f463b924501130aa12a001b494efe311fdbc21e23adbfe8e55f1ed85938d

SHA512
cc907ee7cd233d13259b39634458e84423a5030bf8bc16e36f5e501458473d1f8f3ae6b92f7d21b87d387c36854e52c27fabc44b40b8686366e1f38290e75d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cb8e613b503ff8a83b44303fb2898522

SHA1
bbc8416a3524fb3dbd79b39d14ae724c62a75bcb

SHA256
d239b548642a76950aa4833740fcfe1600d25a4b737d7ae48310ef87368b04c9

SHA512
6d4104df0a13f33076aa0cf50bf5ef8df4a3b9ad5e693a765151c8d502d3e21822408253acc695b8733789d3f0086d3372d7853d9cc8745039211c3fbab2a342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a34ca005df3c0526928ad2d51d19bb4a

SHA1
c5624f0b42e0d40ef0c4b2270f4e70c19499e561

SHA256
f4a58e32622bbe8e549ffa976c9ee402219d567cd783259c53208a3b82388905

SHA512
72a9e10d55b20dfd1415c6b8d13885bc66edc17798eca5a1d0852211255d31ee57cea4fce057f7f1d581607cd3a78708fae9d29feb35a932c18edeba1f3c9a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9f06a6028e752b0e5a8162fe9d51a5e5

SHA1
c8f1c0080424f613c5ed249fdc735b260360694f

SHA256
823a6f0afb37a17e57b12e78f62ecf610b1c6eca651406bd307deaa01e48507b

SHA512
7ee4ad59584231cf0ed99db2d5556947079aa0c705115f3f6256961da05ec796a56d3c567e40b53ac96735d4aa5066596e7bd97582acc3d412528ffc96954256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
82e0fff89c5d91a09c79aec1aea60b8e

SHA1
fa25eb3f7cc92eeb5ddf92104b680abc451bbdf6

SHA256
dc62e8f97d023fb7bbf062e7fceadc387167a9ea0d586f049ba2c2984b1eb96b

SHA512
953b4865253d55eb8f8542c7a574a60121ec7a14eabad105aaf9fee911c981a92d1ac813e9bb27e1958765876bebdab280417ddfecdfc70013278c6fef0e74f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cb5ba1d396628067eae6aa573e62ec2c

SHA1
f3179906eaf0e12c115af34085b513c155512c88

SHA256
41710eaf48feab2eb47aedf7525800b87781d26258dd131e74f61019c30a845d

SHA512
c3c3472da05ef0baea6684c3cef3206d91469a14c7f2fd6ca56d018030b23d4da46a6c7a7e40931ad9e0cb01fd3b554c1d7770fe8dc6613e87fbd5871250b1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
03e4bfa808a2cd2e964d075e059aede8

SHA1
a8bc640a856d366163b21e43a046e9336f4fac19

SHA256
60658d81d5996f4f0d09dacd73f8e0c0bf517662fa100fcdb0eed9af30c0ec30

SHA512
e3b884ed28ea204bbeaff24272bc1df0f25c203ad99b8c28f32e9effe0afa54690b7f6eb3ff743bef2e721c6eb403593a802962e545d915521db7bb66be41039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c2af84fd4bd120a5cf59c39fcac8af07

SHA1
1e8f3a0ae3d04a442a5685b44bed4f14b6abc976

SHA256
0b2966f562a9ad268735f9f534f74c38f4fa5bd3a1cc1aa0b30e0ee4eddea6de

SHA512
026a7fb38a604dba18b4719424e94f2a0d10cafec8f309dba962e2f9960b96d2faa195136e89fba1297088e0f48a5ada152dd3d7e539e534da01f33230fc4a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
49c778eeaed0b7c9aa70a9a5361220ed

SHA1
7a877a74c802fbfa476cb1deb305b12e13464c73

SHA256
51170b6654125433839f31209e8ee3003ebe0a17f7695bcf4f57790c2754e301

SHA512
9c647f4fb907f0dc60810264b2af6deea7d58f9cc443f8dfb7b621d7e8d2ba6d07803ad1eb2af9d416faa747495831276cf9b92cb9896da1a66948bad0fbedbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1190d2f96d459f22c8e046efc31ae210

SHA1
b9eb7a0231f3d023ffd4e83699e8996f8e605ce4

SHA256
c8103d284d3921eeb452bb0f7ac5be87a8e0d3313ebf0f2c387a758d2916353c

SHA512
8c7b950b998cbf216712f29f405ac2e14b061d07a0da9d399a5fa6e568ab6e663aa00e7918bf903127a4d5ab0bd25ad46c4da894b5949cd6b8367a2a334c202e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
094f2456828a375d1739c2f2987e61f8

SHA1
837bce10ec2a1974960f1d579b67cb551d598c6e

SHA256
349d418157fc407e85176bd2c65b4534bfc534b189029c1c1412c39d073bf206

SHA512
6f45d5307dbf413305a5004f519e6bd8b63904b10de8384a076cc697e95c5b590b964c427acc75edf835b7db0a45f03f7e39bec833a669df950a8272a00bd86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
3a7dea3979ed2ca0c582aab5bd3d2c85

SHA1
3e06cf31a8492be41bb1759a489835192ec0d3ef

SHA256
9ca23c424468aa0fa6fd54a1e2dbbea75f15055540e5d50d2a784f1e61450480

SHA512
808a9ba291df0a9703c2b0f48c0f917511fda0276e3880450ec76dd1c5aa1d29c70c0ae86c2892d9309454830346c6ab630bf825943518817adec6e6c4a6d8f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47f225f0ab9a69275bbeb83c7b1b78b9

SHA1
6ac788799a5cb5f904ec47895986856accb44158

SHA256
0b6fdbc1a0760fdf16b7aa66a60c22e76dfe07044c1c2eefa301408d16e2bcd1

SHA512
74bacfd63758efd74d5b2c97c37148ae2ae2be9fb7afe972c913d70eea8b25a5e3112a6ad6ddbe0ed2c856b8ac380050ea5eae1c396f8029e70129cb24985da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
453e29016a250372b45cd67590a6cff9

SHA1
9031ad74513cc6d41d1c8c0e918d353b57b41964

SHA256
adfc0ce5e92738054faf1a52b72bea16cdb452cba68455975cc1296f34f65fdd

SHA512
3c1387b263859231cb7660b956f97f2387c655fd40e954b940adb04524b951c9650825bada18288805c9b18fe524165b61a9b6b54e306a5b30497d128b6ba81a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
45fc7d7560ab696f90f8d2de0225f6c0

SHA1
25bc732e14241d2dfee81d04ba7d7551ba7ee100

SHA256
83bef6a1ccc2b9747396f49053c642139be1204ed402d20d716f12d07405e933

SHA512
16cbc83c59dbd0f67968769f712a47e9d8981303a939311bb98871cb209c3345b1c6ffb0676f272171709f5c5374615742fd76dd682c123fd999ec892eade659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
12b0ca3435d2dad463405edb495d5104

SHA1
c826939037cbd63df5900db7de1d198a5ed05fb2

SHA256
c6b8a43439b7ad8f3a9616ee75cdaa4f3d2bf6991f8d2fae6a047fc725b8f18c

SHA512
ff26d298ef6ea8b7540a7b4bb5c1a980cf4629bf467c8b10f85a875c68dfbc70542a605d11e9090a697efd742d8e9e6a5da74c03112af1d9eeed4aa11d3fc784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f8741533bbb006166f3c8c1441e435fb

SHA1
c996f58455a8acef8113d21448e720281210fe14

SHA256
effc95936a4368444a3349920460b003bd55e8c56897d77f65256dc50b005e72

SHA512
dcce657953e5b05fd8ff32ff2446312a4b3e324fd846c5ca26af36ba8ccee9f1574ecd582d2109f44d820c7f31e9a8d0d14bf399126c98133f42c669dbb5ed87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
29d7dd68836fb9ed4db6ac413cc22223

SHA1
dec284ac5d18d13d46c9f4b0440f719732db16ee

SHA256
2d434392847ef67d2cc121d4b5aa5e17bf50b24f219f107607c535fc17f1ec83

SHA512
4c2be9039cfc7767fd9b1aeb91da21f84917f4efe1678606b903097025ecb274e0036068393f89ca518aee4c53d5d7ee8665ed6d0bba859d241bff74108f675e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
96a76796bdecf58113178fb54e75204d

SHA1
8ef3382da25551c83ef7161366b905efd9d275bf

SHA256
865d59b06dfc55c09723a0379512a65195455caee9ee4a3798ec02d1f592222e

SHA512
7049fff5e7d07c906595e165d905ca51dc73608047d89ed6b28951ccd86e479bf30533bca0fe57298f0805b19ca3e0cf5a7a3461be2f02ac2c6a249c29a8ea70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
42a8765f8170e8b3ec304f07b64bb4b4

SHA1
72659550ab109fb6232dccaf0aadc51a474ba90c

SHA256
8a105ae55b0b84ed06fa075ce56e90541d0172f96cc8bc6963c0bf572a88c6a6

SHA512
1d452085fb6e9d54701c76e1a3329212ee21e1784f9d6ffde1c9468c9d57245dc261d6ca24778952a13dc9749d87a8abe1396d1650920c98be8c5cd83e8c2b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
beadd5c56ac948bc351f101a07566f19

SHA1
c62efc59d3f83a425b06c1db137edcbfc40fdf82

SHA256
37944e224704b56915c0548025900e6c1ab2b740a9b1daa78640741b8644eee6

SHA512
c71ee1fa27fed4936a1c585437ef022ad83fb82d071583589c8a44efc2d7ec18e2b655fc6f2910e384a366fc2adbaff26c5bf117a445b7fe560363c225cf3e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
008330cb108a3bf809545be71ba3a20f

SHA1
2a931bf8d1eaf5cc6e13795d9551b6f6637501a8

SHA256
e64ccbb47e25e37c9687252bbaac52f4383f06f338b2cff20017e4e8bb3b8c12

SHA512
5f9ec76da0ed0ce1706080eaff5539c4d00a5582b80f84fcd646efc0a01306c5b075314c5b2ab2154b39ac4c2e4fef1fefde9b00fc9d24392169df1c556b9767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0b6310abb449ca7c0cf50b6a4e365af1

SHA1
97669c1677591de3214705dcfc0e561411f94638

SHA256
b3ecf3b53076a9d34f1b668c99822643bbd8a7ec41fca6290fcdbba81fac30e5

SHA512
4042e8438e3268315072336353629ded07aa6fc17c9a9af889b74b0df84af89b733fb86a4273a77f1ca12fdfaeced07e3d8176376fc808d0db37305051527639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0abb5b8685e1c9036ae71929570190fa

SHA1
3ae792c6bb39e1c8ca0a9cb633a7eef65c1105ed

SHA256
dbee390f8293669516131c423cb89c0b0ea8c52ffa79e846722df8045e8346ca

SHA512
fde6e621980e11edfe86ba69cb65f4f3a43a4d94ecc712efb4787f91014a5d9ace03c3281179781af0fb370ccef8a1e8fe4ef996ecdbc01b02460c6e31db66a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
394b465b73bdcd7a58c65e1710f1e386

SHA1
37653a55155c10b8bf6a4d047e622ad84ff9c71e

SHA256
61a6561938eab377523080faa49076cf281fdfdf305d79e2bbe209bde3f59f86

SHA512
16fc2a2d9f1002c7334623f5c330fc55d27a86aa8217fb724c7a6b08e3bc480192264e4ce8793b967164121a9c26728fe9f07e93242a4d85cdc18dbcfce91413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d052613d9d059219af9ede1659f7d45f

SHA1
66e1340b9f49b3c63c9f63af7c1a506da33dbfa3

SHA256
e1d3a5d2efcab48a79f0ea5bc9d3dc1d2997b5259f148802a72f534ccdd21212

SHA512
0bfe1b3f9490866fe6a8acedaccde20d8c125f1633aff7e98ca6a5a539860e28ca57ad684d3000c82ff58dabd3f61256a2c35b4cdacedb24b4e5d0ee1d0457da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0c27a9c565436d6f289aa8e65aaad612

SHA1
b9f345c6a24b19468bb02520273f1ea8db79c234

SHA256
0946c4875c0744ed32e1c045607f360042ed4d95168018eedbc14e259c863774

SHA512
95e1197cda8457069349124b293bce4508e661ff74e794b1f104a307b8d3c6ab41f20433da40c28ac757ff4326807a5447de1a79c4b3aab4a7bd292ebc8d561e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b28bba4c14fe9aa0a8a897e9e4e98fb3

SHA1
bf0bcf63906dad77ee7e26942108bdb7f39b2095

SHA256
407062c36c3426224efd9dc9d559d8f1fc24eef530e37535d90e427646d35223

SHA512
5b90d78c3cd693e7d8c706b83c79fa649d1b39627aea3e2644ced0d6211060dba3e141aed6e0ff67df3711d32d1005eae8ffb4b4427d3c9066757d5819d7b6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1edd53697d57a2828726dad4e9d50d70

SHA1
86275643c5961b5428c3751c3f164973d85c9147

SHA256
81c6e812ae1cddf1628ae9377ce092b9ed50a436b6e1a9a3a540d675ada6eb99

SHA512
3fd0c018c89260a30901b030a513691d0197a7d039b4d79be1b1df825727ea845c31791bd215f318f54741daec2e2103359f4c88679197bfd2c73720463446f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fa9a7c4d55e8acde57189996da17a219

SHA1
fba3bb116ea8bcafe8e05c881684a0fe0f8ded5f

SHA256
4cbd636affc0e654af93b225cf94cb1c046ede14a30d81326d7f0ce4e0a4d721

SHA512
e2c9c502258dc7c9bb52c4d9710bc15885dca8d29b454df425d716a9073e970af86ac61a042571887f028df3f83e276b2fc36a25defcd4a808d662982b1302ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
45d765abac45f2f8b751b9b93913d9c6

SHA1
ba3e774380ae3b33dd2261db758ac3b3a2f7c173

SHA256
436a96aa421436ef1202f9334e8f42e9c2a67695b342735bcb4b8394b4dcca31

SHA512
6b602807e19437a8e23e360804cb21bccbbad411cc0f5952c2d579c23a4cbd5ff6d24597d125f91c09f49eda5e9d206e87b7fd0950ca1ab3ba9f6365a4844091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e5c8da22e948ee70816085573f2e3ceb

SHA1
0bab54404cdfe0c50a57c6a10468ec5d999f9aa7

SHA256
97ec78dd9cf4e32c762a93711670f9bbd2ac8686ab196edb595f0718243d61c5

SHA512
5e2d42e00b8e5403ebb25574e13527c0b1294d1f5da4a49711a8430b2c171e1b36f5814a5de40e2698982535eaaace57567e58c37060fad1bdd5ab195339032e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fcd54b734b13ef16de99886896f2ddcd

SHA1
9bd67227a79abc51942ef767cdddac384224e9bb

SHA256
29279645d2baf38a696349ef2ecf461eebb45d3e5c96b3f02cf24192c625b9ef

SHA512
0e4e237c9fd5c06d1db61d505d2f0ed091ed4c2f1cdfc30f4c055bc1dc6af398be479c4e58470ecc9109e3af9aacd8619ebd297affa093da88d62a47f10e0693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f9df77e66c8c204d9635541640b13fb9

SHA1
6404946ebb34f7129e7d0510e32f35228e4fa397

SHA256
fc08be7e700e29a5c7ff21a046642517e32955c531d11597561c99820c51d704

SHA512
d6996b64e8a71975e96f7cf65bcab55e02c086ac5114548a27e0612311473ad31563f44e1e044c2c285f1928b9bc513210689ef2ec0771e22682344f74a7b402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cb1a0dea3cbc4a5328f6c11141504f3c

SHA1
04a51df04922a0f71fe41fbb98cdae01144c4453

SHA256
eba25ef7fd437f18a153b7814c65e454ae6049bf400be917b83de515c78bcc0e

SHA512
1cd430931e6594730b92a1e880ee4fbfcda1c442d41864889691bcffd6c8a7194fa9d0d18aa6b056e7a6fbedfb353f5ffa5cbaccbfbb1b88024a484354c40bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3b6db6167d385c98baa4d5b489070042

SHA1
966fd32eb66e63d8df8dbceb6bede39cf4adc142

SHA256
2194124f3ade39dde39d52f8b6faa7f59bf852ca68e82152ccff7a2df1ebf3de

SHA512
ac4a5033342f014f87787a5e8d9ce8edcd3dd16349a8a7df083b9d4f0f77251ce4cc76cf018d9330736982cafa29527ebf3d625ade9553b9f2169fd1366e2adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ade739d430e86ee69030cd56f3756ff2

SHA1
d3c71f9c847d6ac39cd0dbb64ec45d734a906a1a

SHA256
8d91ecc353c4b534db9bee14b4e09e17ba018dcef58d30f334311cc341e2e60d

SHA512
85390139d8c1789645041f471300368fe99cf7825645f00851d154407d5b900488520a4102a5ce6d70cf9d99f2d73a611c8148ac93892673c143d0f898e3a33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15982ae8799d6cb87e25103bbd8e5e3f

SHA1
4509fe918992ece855c215e04b9a1413d5444d71

SHA256
c546413d53e640fe4affdbaebcc6abc778e884019eda84eb357d6ed48951d523

SHA512
070af23d93d337fded953e34f8d3322df9419cbafa7996ddb21d49aceefd810b7eb8fc443a34a0998b7b928b6acd22b2e446f4575761b704cc43e0f6eb558b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c9d0215a15fd2d291d599c790fe008d4

SHA1
46e9aa6af5130e90484324c31bfc03b7289b1d6a

SHA256
675a437d149b213965e5e35cc2b59607a2c0a18a89a687d39f1af08e09e1f4ab

SHA512
e86aa1c3e44bfd43b702c3dfeaaab6967598efd68052bb00a044b857afe3731771768e76f576f256d5fb32cd798b64cb9d458183addc0971a089344c6a1e0c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c9d0215a15fd2d291d599c790fe008d4

SHA1
46e9aa6af5130e90484324c31bfc03b7289b1d6a

SHA256
675a437d149b213965e5e35cc2b59607a2c0a18a89a687d39f1af08e09e1f4ab

SHA512
e86aa1c3e44bfd43b702c3dfeaaab6967598efd68052bb00a044b857afe3731771768e76f576f256d5fb32cd798b64cb9d458183addc0971a089344c6a1e0c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd622714d6aab94fc46170184d0690d7

SHA1
80554df6e6a5a732f4582052f82836030fe9151e

SHA256
24865a2d3d668b826fc3f2ab64f3b1b25e2a531533d10122141102e0b36e3b17

SHA512
7125f828eda1f85a86b36aef230e0d6b0dcf9ac68e03b996f7945613204efa2e90bedc8b05f2859d6538a5f74a9bee651395b566b49f5fe9a8da3680c3fbcbab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aef906d7a4b1e64f9f77c2b10bfa42bf

SHA1
e57f101f9fd1e66891e1b9f1d4cf7725f3915c34

SHA256
d4af69bc968ac9b50ec0ebb646d69f04f25450a68b3a4ae1db5bef074aeb56ac

SHA512
2bb3f5b23fd3ba43f6c2e73f2ce4ee72f4417a1e9e59c6efe15e644e6f00c6b085caaac985843b152d9d6958e6d96e9171b46fe75ffb2fddbac2c095925cd112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93196019854e2871b74926e262cac0b4

SHA1
02f7764d2e9d03982d1584d404fc83e09482428e

SHA256
e3aed2bf8ae2dfba9b153cb920837248754f3252adefaa0adbc37ebda31ddb87

SHA512
5191dbb81aac8d998ef2f7df82de282a0a180b4d088278fa01ff8174593a720c2f736289c48cda40b89ce3f9a0c960e582e2328e3f68c2717aa4b4ea7f9dd2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7796bccbd2918d515ba5b41ffc44f503

SHA1
24b8b43bdda8d371be5226bfbdf61ef226dee375

SHA256
704dc80d8cee75aa5d7e73a029af7f7308f8600f75bb586db7788c70e4cad18f

SHA512
99a910bf9a9146a5d783c82f13abaf663eba11bdec6c4ae823fe95579003930b6db4f5ac88a1ec34d4c40a96224be46f47f2ac427004c5c355b7b2bbe02973ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd88f24b863e4e7fc2ce02103dc4ecf9

SHA1
1136e47f1bf84d5fbc033383be3eaca21131a537

SHA256
5648f2cc5201444a8168c667309a6c47226b6f4cb6e595ad64822c850572bc0b

SHA512
6560acaf6d69c4d6293119236bcb7af397825db44bb252334ebc145a28177800a3cba98e0677b57b49b4146efbb1fc527abe434788998d6b04cbca8af88eae65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
138B

MD5
a30959809c64d067449454f1569b3abe

SHA1
f38505699f7af66221e186a65ea92e542bc33e7d

SHA256
7c0d0e79e23a8e3f238c2fd3a6e0b4997310da707eefe8ed4a665618e44dbf0a

SHA512
073dfc0c1555ec4a05044cd8fb3a4061cf61922b6302655c0d031c31db17b505305b21371d74e458f1ce06009a500865e764f5db2f3b48084e417125fb4931a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
f20e3754e2b27866706242f815e40aa0

SHA1
d49237dda106593ee821f60fc9a60b7e22bb74a7

SHA256
8b59141f0f77ff8b31bc5560782211faaa19feeea20c9529da1188cc79bf0d3c

SHA512
0120cb1eb5d95fe7574c994b163d788c511d49f4dcbad15cb55681de0aec17e898b3295b7e88c8f616d73fc5053ac703e0e3e2ea0cf3bc22a62a8ed1ff8e8fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5ab8d2.TMP

Filesize
138B

MD5
294db706f62d8fd7e48eb470f12c05de

SHA1
8f06765423297f26dbb6fd81ca7bf7c395cf07a0

SHA256
e4c33b41a6b758c16c804a5c49db94fe48ac37869be36314786bf3db68bf7db1

SHA512
ec99708fb2f0ae7d2c37e3cd0de50bdf0b48dfd9f8b813cc18537cf163b9ae063e21e965067d66eb8b11fa07739493269707f2712b92d1c4c58dacfb9bf951e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
c86190bc0c2c1b226c4451c0ecfa7b80

SHA1
f0d169bb551b1868528634882aee83f05856b3da

SHA256
0afa1d07a2ad476a883767b894049bf5a3d2a0f5713adca1b6dc3758ff8b7974

SHA512
e413af2a4e91cddea351f931bafb982495441a0ab5c0df3e1bdd0391ad3f7fd571f47793086b9e4d26923dd307e88995ee8f44944b27cf8c9532596442ff4865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
49bbac62c5e3f0f6a5d6aace1f91b9f9

SHA1
e6fba22cbd59a9347b5cafc7c0627e1b8360733b

SHA256
966bd5323d330d0b64ba003c2845c0b60de0d23d8142fa100aa5e47dd32d849c

SHA512
fa3658e3b3510d9bb5d4ee2abd36eb747fe93b7ea4b64f55c845fd04888f7222e8e90a266983f3e9b6eaac6881af91e10d5cf7fe27f43d9a1459a0ea1e7bd0fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
0f52e133cf803cb4776ef474fb1b1951

SHA1
5dff05edf24c474e0e00a739a134a924a2c58417

SHA256
ba06c6e422ee6f717cf73f754c6b476da27d5a3f6185ca7f4273b6a35f8ed7a7

SHA512
1ea8a4e82edb97a6df304353592e19c5c25733554ac7e0f57e6b147e4851e795af41e585c44fcf9aa5348ab213133e3b9bc493f9da645494351db418e31d0132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
8b659c16a27fddfa22ee69e6b293d1be

SHA1
2a0fd92da90ab19ad878b4ac2f6c3371cd8c269c

SHA256
14facafdbf3cd7a2b8ff671ae81cb8f6d384389dc25ae4189347d3f648906421

SHA512
5e81eefa12604f2859194b5e8d93e0c29af61b172626aeb98a01e7b73b53cfc30da60bce7bf3af21cbde64c7afeef9d09638e6c32a67370db94b93ec0aaa2702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
da9bc9435a1bd7cc50366387c2687c4b

SHA1
ccce168c60462dfdd8799ffc8e5cde1ce92be70c

SHA256
575846ed5e262a6ec36a6b7d2380720faa95139372979874a9bd40f3842fc82d

SHA512
da2cccb5cada9131f015e5619952b9a433b08e95733fd1ed13f9e4f9fa5876385142e2ad00be3c36454a30a094c5e652050c31e1ee26bc425a884012b3dad335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
a72c507d4f513a844dc07b25a2c7f599

SHA1
22f9a5e9dc991edb4b167e15c456cc3dcee90a75

SHA256
5536032f75f4b6f152e58d28138bcb9eb7c048308b1d475d8f3034dfeb573d64

SHA512
e088aa17a61523f54a8bf920523f1f1f6a47debc290894cecefeb5d8c377a94d5612d05aea09caf30e6e9fa9daa14e523678620c6de1f800b4016d61f0475bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
dba9a4a27bbe8de161c6da4768cec712

SHA1
39095f144c8cd348b8efb3b2b59debe4b299128b

SHA256
1fb1bb1620fb541ae9d34b3cf5f211357b905e955a4140f729e80c704a7caada

SHA512
453c182dcf63da9e1d47bb1939c99705f709dcd25b1f95b7813f0a2b722190826b85051051f32115a8e8c12261e3c0fd72675207a3cede62adfe8146e90f0aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
9f3409a77802400fbf46ea4b851b4a7a

SHA1
2f330d5a6ef81bb622bd5051ae0e5c4f00590aeb

SHA256
2d3638af507d3dc754d190ebeb384d25243ce5f791ad14f51e95c75546d44f79

SHA512
b46067a28bd3161b770bb3598f3d1303c1e6f67d66e03f1d54325e0a63182798d4e2302261715ca4621f6d1f852313cf4bb948f02bc547fe3c813c95091c825c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
807cd9728692a8c2d5c496c039d6129a

SHA1
374d0467ba2bc3426a039ddd01e94340c81673b7

SHA256
1ded488e3529257099e877adcafc7a6c2060b9ddac7dcc08e130bf3f8fd543f2

SHA512
4598af70cc6700b6ddc246d2e8aacbdc258aff9cb6d605d8833369168498ec6a1f80ee95780d6131b738d4a29b34388ef2c4ea0a438ff66be8dcf6affd4c7580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
4977879e9c46d1d2fc754f5365f84207

SHA1
2916c176797262e1cbb4479223b3c062a5480ce3

SHA256
004663004059e36b7961d65f8a78f14aeed1166d5ec5e5ea7c4e6ea417e80d22

SHA512
d09b4ee85f23216f566b32310ed18d15f53929f4bc582034408ae7102d864b23fd009108bb9359a09b60b26ee4f8654f8968d27d6cde44a0a7caf84bed9e1024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
71e3657a4a88a85af65ebe1152b49a79

SHA1
e2819181a8189924de38bbf1c7a46c67afb8743a

SHA256
9796765b7f4823e15df170632d891d54a5c8d58318271c32e6636f8cb74dfdc8

SHA512
c97b40446218c7edf26257338e8b03a85aedf256d98401ebe8a7d46bb31276f1038337a9853c28b1278fea8b023778b1ee7012b7594781fe2fc0d3b8e653ad87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
10ad08b691e1bd8f249f5d676520639b

SHA1
6ae23a8c249381d639e61e715c13d78fde052f9e

SHA256
275086c7b62eee9ecb5b5dd1d17192cada0affe5e704ee8e9e349126256ebec7

SHA512
29bec4b99ffcf01c27693a49c0a4b5a0308554be815b768f05b3acca9dccb6bb19148fe73e2bf73a4843e90e8fcbbb45b446f0ba2b902b0e22fc588de9c2443a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574611.TMP

Filesize
92KB

MD5
de3f85e18536eda42ccadbc89369e49b

SHA1
31768377e8615f72dde56750988fee676decf290

SHA256
1f42799e03a4f14dc509f85654df2b5b4cbe6d60dae52bd8c8c229f517818611

SHA512
e370b915a1d6d5e21774234d7a46cc09bc8722aa6dd1f9056aaf0365cb20bbe8902220c7eafb77e86479e09843e8655bcb2b0a11eb8439cdcec364d0169dfab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f35147d4-8fad-4fb8-a95b-0e1c2d5e71f6.tmp

Filesize
199KB

MD5
e63634f4fccf2403d0837afdc7b39d08

SHA1
437a09503bdaaeb388d13b0c5c74d7fa1498ad78

SHA256
c1aab1e19ded97e222efd7e1ac15404c2d4d8e928560e01c04640b0c6afe2064

SHA512
8772c8658a82d05eea0096c4bd3afc29da2f60bc42fd8bb51711d54c983c679d89e8c810143ff3ca6f66a10885c5d40010f8c56dedede9492f88c7a62b4d8128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BMT3HFX2\BatchIncrement[3].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\PCClientBootstrapper[1].json

Filesize
2KB

MD5
cb45de8eab08132c12159942958db652

SHA1
cc85253e79f45974772c8c5351748c5ee57c8430

SHA256
8f807f55a7c5f5fdc8f9796833be86fa1c5e8ea8ae73a639ae110e45bffd7146

SHA512
a4a7b5636c47dcb03f23caf4a3df38f58fdf71de50a5bf5cd008bb569d030e61bf8efba27008a33e1bac47eeb26be24ec40884282a7137c4f753d451af135a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TTLFUYWG\WindowsPlayer[2].json

Filesize
119B

MD5
cbc56e4a8fcd650f64413eff0c7b0e4a

SHA1
9dbfcb3527aa4726ca8eb1ae8c2930022c983039

SHA256
8cfc93f2c2f1bdcad9b46d7e99aeeba08d03c05d975e28e92b09abb02517486b

SHA512
62e266f8c5f2ad8b8edf18ecc503d957c4efe24a51e816981a17554a9844a230933762f2d2249d4ddb004322849d1ad95685fc0eec1c2622b9636f8af41d1673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5DQ3O1BW.cookie

Filesize
67B

MD5
c7f380cafc2fc128cca0d48fc4b6568c

SHA1
9e8de0ee7d3819142dfe0d48b07036be1c6ca5db

SHA256
7156cc7518235447dca543f6d5bc5be4621dafb2a5a949f9aa1b367a205ecf99

SHA512
b2fa108f068eee739d5b8806d8242410f6ac0c8aff587e3a56ee438be9f5f678032cf505e975e0809a19b1713a56a051cc67622581a2afc5fcd3b88e036e7a93

Download Submit
C:\Users\Admin\AppData\Local\Roblox\GlobalBasicSettings_13.xml

Filesize
2KB

MD5
58d0108e5f2120bcc1e19ace66c5ce5d

SHA1
84d64bce436bf7375ce077ae63d70aad35b9269f

SHA256
e1e1f1780f8141c33c7f7f7d6de856d80f66d514c33a89e490460f8e89a57b98

SHA512
de8c4f317bf82ca5e67955b9501642d572816814f9a29575d43b2f758c836cb956d7361997626902fa376f18c6ee8f6562be240b6c2c5b7b0272a99d6b4735c4

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json

Filesize
4KB

MD5
9d908a33ad7b425dade443e9c365433f

SHA1
1c6c436dc6ab9d55bc3c96ac685b8a704437e1e4

SHA256
db564dbbeef011cf9ef6552bd6e8f652d96c1f8dd0fa175f78b53cc6a522983c

SHA512
2ce5c506639fe5469710087b5cc36ecec7d2497e5cc136672de8deb2f27b7c6d1ee1e7946e3546015da380bccd4d160512695d8c706e18979953b5513a1fa7e5

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json

Filesize
4KB

MD5
d76d07677b84f33358cbb6195e0d5742

SHA1
79b4904bec9a5f25e8191db1712f908ba83d3171

SHA256
f5367fc8e85f1477369d12fe8658981d1638bbc0e66cbfa69bfa60c39d344a8c

SHA512
061b944ce6397f0351ad40c6e12f52aca6ea2a1eb5d97dbc4315429b0dcfa2e0bdafbb0d4e860092f8da3464cab7a7c9a9e2a5bd547b8810f6fd7bffea2736e4

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json

Filesize
4KB

MD5
2109ead3a9bb550a898d7393b6394dd3

SHA1
d3fb127d47e2236da0b12146b32c33f4b030ef5c

SHA256
1465e014f9d9bc94add1b9188429101f5f1e9daa62aff1bb72f93cf3caa26a09

SHA512
dfd19b14171d1213974f32780ca3a2c65de1f2f20deabf52d5ba8803a7c903207c55f1e547b0bb54764fd456150b088f8f4491567d92d5d42f14efa10fd1adc5

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json

Filesize
5KB

MD5
23b9b5b2b31510b96aa4fb5cc35f22f0

SHA1
c5ce77a5bb7c38ecfbd72505654411a284fc8518

SHA256
b3ad259a5e7cba2308699d42c4a77836067af8a37951811aea6cb0213a436c8f

SHA512
8df3c3ddf20ca23bbca19d640857e3ce3766e86d18b75c4a72fa521d9ee4482c2382aed30b227d21327dc2c3f0d6c08399145f93e662d03fb45fa9e7041fabb0

Download Submit
C:\Users\Admin\AppData\Local\Roblox\frm.cfg

Filesize
32B

MD5
70bec92343818501dab13a2d17e37023

SHA1
1d821e601238df7463d67f68a3799d6dc6a9dd80

SHA256
92a07f0002843a89a9feab589b88851fd0329a08d14003c4ed1fc3f440a7c21f

SHA512
c5209f7d6dc6bca4739dff7e2af2aada8a3d6cbf14abb6e178fb7922acdc48357489c7d76181f2bb208229bc25591d3f79ef832a8a9d168b1f3f4e74f93a336e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6308009873b6e28576872a25a9dcd1a8

Filesize
30KB

MD5
7ca6bcb13a0072a3b3d6fb25669117aa

SHA1
2fdbae6d3f30c970eee315942aecf5f4829c976d

SHA256
cdf001654a622db10db3547f0fa44df3f2f694ae903fbd91dd640a09ff9cdd70

SHA512
cf0cef38aba39465f19bd025743146b13ee5fe425b78fe55098f5058e163a62fca59d03bd92ba10ce5866013d3127e273487042bf08d9cbfd5c477abe269b63e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7d7a23bd2f1cd86cc1b3d13c94d4ddd5

Filesize
91B

MD5
f3af444cd46594375e19744711a93f33

SHA1
418776c8375db789fe801676106333e2c3d45d70

SHA256
74c004be22aaedf9433b1845fba7c6dd50aeb97805092f9b6d216b52ce3a41eb

SHA512
d99456b2447d41764cfc671d336c96b64edd2aac60d766e746056fcd36f4896a092abcc29da9f13a0d001efa1631c28b9ac4b1a2a92920156ceccf254127849c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX394A6DD1A64E4AD580B54D21B4A09D0D

Filesize
91B

MD5
9de52d85b06da1acd48afa0d6d1d19aa

SHA1
6683b9c8eabeb1f315873fa6bcdfaaafa9353ad6

SHA256
8b231ef4bd7d12979f583d8c1b89c66ae7e379d6557a1bb6bfeffcafc15f1a2b

SHA512
f3c1210177102ad92dc8661720f12f4c6aed3a86991b59c823471464feb2eed41cc1512acc864cdace009852380701c20a694fdc0311d5a023c2b9298979c8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX5C42C2F0F50E4920802AC79B0FEC046F

Filesize
91B

MD5
934a11b8eaef18e6790e660f167b251b

SHA1
1195e4573af3ac1c966de8210b162d76f57df7e4

SHA256
8a8ffcca05368fdf6f8941aa5ebf50c565c4946e660dac731827703d5d36665a

SHA512
7b9ec190b7cbdaa40921a775beb6cc245f9e92b12785d0c1a9fc6285a996a809a2c80546a099fbdf5e2628404e4cedc2ab652f3e02c27012fd2fb3ea6d1ddaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX8613763F92724EFD80159CD0D4506E2E

Filesize
91B

MD5
2fc2c62f5cc9da9d3f3996588a9c26c0

SHA1
6fa5dc94ff062c315f9fd0daf44df5abebdba48f

SHA256
e962b4cdd3e18b3c30a5fd78401d9fa4f01f5e3bf1a44e2ef82a884acfbf0fe6

SHA512
a54f7456680e6d2dabf0c334e0c5c3b5010cb68ad11401e051e5652f76466e00108e0418c7f9bf958bd949e2ec720e1f3f38cbf0e8a6d06ec91ba214a0fb3a56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXA555F318CB8D400D9C25FB37A6F0D762

Filesize
91B

MD5
b04c0dc18c7d55cd67b193981117e8e5

SHA1
de1b8da5292626c82c5369243ab17e1fe87819e8

SHA256
0e9e0d48cb004bf17d389dc2d43451e7c45546210703bf2c36048568477f538a

SHA512
e6a2aea601a6cc021d9537fd56eaf034dbc5932f9dfeca57fa69921733af8d1c22fa4997a596f2895ca60a9a064ace6a135a8c5893381595521da9cdcfcfbef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bb653fb39ec7c9081c6c7dab44529a07

Filesize
116KB

MD5
27d270fe2bbfa65648ba0b912c98d6fd

SHA1
ca4f1a97487e3b87f24f0ac2b8a79a31a9566a23

SHA256
91d1ac8bbe8f19cb86520eecbe6e7af8adf170c3b3ef69331b9f8023886df79d

SHA512
8c2332f53b7e5413e494c3a54aa1f9c75dd192c73296174cb17adbcb3881014d7ccb7fbecf26d96e2335e12a680c9ed925fb58a2ddd0eaf2c0e0d6b0b28da24f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d3bb7e410ab407ec418f9e6e8aba8628

Filesize
243KB

MD5
26e0265513874db84bb38221ad39ce9f

SHA1
bcf1ef2041b45b73af73f064a6db956d2e9fdc82

SHA256
e585fdaee23f49521dc76a5f29f366fec4d50964d326ecbe8a9b84f7f7acb9d4

SHA512
ff00828c97e932c269d68bc3937edc3871fb54efcb0215ed9d12c7465c1bf8127ea98fe2461ea4ed4b8df9eac6702a3e48d0e95ea71b4102db6bf06e708bd7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e6b482665e130d2c6c4c2f7990354e75

Filesize
18KB

MD5
2d23f1c89f39cd7f539ed1e7434d861d

SHA1
23fe2854ee55ae057d614fa08dbe20747b03216f

SHA256
e9c1a8337b695c045dd68717e130e693f012adb2e677f2473bffec6f48c61cea

SHA512
daf6ff9440d3af70a167403e58a54351c810a4471611b085663491ff9c399b689c28a2e213894a22302a6e9f919969c90f6e306740e4b63fc5baf9a1e622c95f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e8afc6350eda8c4c8d7ecaf105d185bb

Filesize
91B

MD5
78597cf7ca49787ffa824131d9d2b196

SHA1
dcee1175ea2f3ec558bfad0baa73dcc4c0107ea8

SHA256
53749cd382c7356a26df2111b6e91596a65cb0e9db2da4a458f17d0beb188753

SHA512
574238b44785382a63c57c7bb2888836adf249beed8cbb7fbe20c69d27b66c02894bd989350e72ef209d6972e73d17c0f469c0deb2c7e5f65db4a9fc4f949be5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\sounds\RBX94C289F0892042DBB39DE01C1DF1048C

Filesize
2.2MB

MD5
d68a3f6247c97f6f0834c7f3ce9a76d3

SHA1
fcac4477795308c7275dbb6251c07e072ee6652d

SHA256
61aabfd7dbac0f81b333761f1102489cba72d870146aff49bad07547be088f56

SHA512
d3a004c629b33eaff1f220231fba878b74d052bfcf672e00f078012551437ea646264c7d3e6704e60fd85110e203be8d44bc742b11ca1a0b11eca0fefca7b3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
3966783438ed2e8838dcdac63681a1b5

SHA1
d1126d224c4bb67630137360a81dc6787f5c4958

SHA256
9110f97042e713216157b1261918fdcc7ebeb8d692ceb01ecfcbd4641b9aebd9

SHA512
a6312c06a333bbedf9ac9f2aa53e3dc8c7b1c5e1cc24d776106fb4a757b7ed8ee8a05234814ec0f3ad4ac721d5aa848d85a45f1924acf1e532f45d637375b9d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
3966783438ed2e8838dcdac63681a1b5

SHA1
d1126d224c4bb67630137360a81dc6787f5c4958

SHA256
9110f97042e713216157b1261918fdcc7ebeb8d692ceb01ecfcbd4641b9aebd9

SHA512
a6312c06a333bbedf9ac9f2aa53e3dc8c7b1c5e1cc24d776106fb4a757b7ed8ee8a05234814ec0f3ad4ac721d5aa848d85a45f1924acf1e532f45d637375b9d5

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe

Filesize
2.0MB

MD5
c519783a8ff04c41f07f207c47fde116

SHA1
19d600c06cf47cb9450747a2a308058c35f4ede9

SHA256
431b40284e85c47fe1c4bdca9d447e0c8487b39e45fa2a14e110f1223f0454d2

SHA512
0129cba7fece385a8ce048c195dafd8e9a86af692c02625a5112112bfd0f38c24c577bc3d0da9cf161d57d1f5ffbc674a84e737675bd8b09e43cbb92c2fe7cbe

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe

Filesize
2.0MB

MD5
c519783a8ff04c41f07f207c47fde116

SHA1
19d600c06cf47cb9450747a2a308058c35f4ede9

SHA256
431b40284e85c47fe1c4bdca9d447e0c8487b39e45fa2a14e110f1223f0454d2

SHA512
0129cba7fece385a8ce048c195dafd8e9a86af692c02625a5112112bfd0f38c24c577bc3d0da9cf161d57d1f5ffbc674a84e737675bd8b09e43cbb92c2fe7cbe

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher (1).exe

Filesize
2.0MB

MD5
c519783a8ff04c41f07f207c47fde116

SHA1
19d600c06cf47cb9450747a2a308058c35f4ede9

SHA256
431b40284e85c47fe1c4bdca9d447e0c8487b39e45fa2a14e110f1223f0454d2

SHA512
0129cba7fece385a8ce048c195dafd8e9a86af692c02625a5112112bfd0f38c24c577bc3d0da9cf161d57d1f5ffbc674a84e737675bd8b09e43cbb92c2fe7cbe

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
c519783a8ff04c41f07f207c47fde116

SHA1
19d600c06cf47cb9450747a2a308058c35f4ede9

SHA256
431b40284e85c47fe1c4bdca9d447e0c8487b39e45fa2a14e110f1223f0454d2

SHA512
0129cba7fece385a8ce048c195dafd8e9a86af692c02625a5112112bfd0f38c24c577bc3d0da9cf161d57d1f5ffbc674a84e737675bd8b09e43cbb92c2fe7cbe

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
c519783a8ff04c41f07f207c47fde116

SHA1
19d600c06cf47cb9450747a2a308058c35f4ede9

SHA256
431b40284e85c47fe1c4bdca9d447e0c8487b39e45fa2a14e110f1223f0454d2

SHA512
0129cba7fece385a8ce048c195dafd8e9a86af692c02625a5112112bfd0f38c24c577bc3d0da9cf161d57d1f5ffbc674a84e737675bd8b09e43cbb92c2fe7cbe

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
c519783a8ff04c41f07f207c47fde116

SHA1
19d600c06cf47cb9450747a2a308058c35f4ede9

SHA256
431b40284e85c47fe1c4bdca9d447e0c8487b39e45fa2a14e110f1223f0454d2

SHA512
0129cba7fece385a8ce048c195dafd8e9a86af692c02625a5112112bfd0f38c24c577bc3d0da9cf161d57d1f5ffbc674a84e737675bd8b09e43cbb92c2fe7cbe

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
c519783a8ff04c41f07f207c47fde116

SHA1
19d600c06cf47cb9450747a2a308058c35f4ede9

SHA256
431b40284e85c47fe1c4bdca9d447e0c8487b39e45fa2a14e110f1223f0454d2

SHA512
0129cba7fece385a8ce048c195dafd8e9a86af692c02625a5112112bfd0f38c24c577bc3d0da9cf161d57d1f5ffbc674a84e737675bd8b09e43cbb92c2fe7cbe

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/3812-4613-0x0000000007CA0000-0x0000000007CA1000-memory.dmp

Filesize
4KB

Download
memory/3812-4635-0x0000000000210000-0x0000000005998000-memory.dmp

Filesize
87.5MB

Download
memory/3812-4630-0x0000000007E10000-0x0000000007E11000-memory.dmp

Filesize
4KB

Download
memory/3812-4627-0x0000000007CF0000-0x0000000007CF1000-memory.dmp

Filesize
4KB

Download
memory/3812-4622-0x0000000007CE0000-0x0000000007CE1000-memory.dmp

Filesize
4KB

Download
memory/3812-4619-0x0000000007CD0000-0x0000000007CD1000-memory.dmp

Filesize
4KB

Download
memory/3812-4616-0x0000000007CB0000-0x0000000007CB1000-memory.dmp

Filesize
4KB

Download
memory/4244-3027-0x0000000006040000-0x0000000006041000-memory.dmp

Filesize
4KB

Download
memory/4244-3032-0x0000000000210000-0x0000000005998000-memory.dmp

Filesize
87.5MB

Download
memory/4244-3031-0x0000000006320000-0x0000000006321000-memory.dmp

Filesize
4KB

Download
memory/4244-3030-0x0000000006310000-0x0000000006311000-memory.dmp

Filesize
4KB

Download
memory/4244-3029-0x0000000006300000-0x0000000006301000-memory.dmp

Filesize
4KB

Download
memory/4244-3028-0x0000000006060000-0x0000000006061000-memory.dmp

Filesize
4KB

Download
memory/4244-3026-0x0000000006030000-0x0000000006031000-memory.dmp

Filesize
4KB

Download
memory/5112-5854-0x0000000006030000-0x0000000006031000-memory.dmp

Filesize
4KB

Download
memory/5112-5855-0x0000000006040000-0x0000000006041000-memory.dmp

Filesize
4KB

Download
memory/5112-5858-0x0000000000210000-0x0000000005998000-memory.dmp

Filesize
87.5MB

Download
memory/5112-5857-0x0000000006060000-0x0000000006061000-memory.dmp

Filesize
4KB

Download
memory/5112-5856-0x0000000006050000-0x0000000006051000-memory.dmp

Filesize
4KB

Download
memory/5112-5851-0x0000000006000000-0x0000000006001000-memory.dmp

Filesize
4KB

Download
memory/5112-5852-0x0000000006010000-0x0000000006011000-memory.dmp

Filesize
4KB

Download
memory/5644-5248-0x0000000006140000-0x0000000006141000-memory.dmp

Filesize
4KB

Download
memory/5644-5237-0x0000000006120000-0x0000000006121000-memory.dmp

Filesize
4KB

Download
memory/5644-5244-0x0000000006130000-0x0000000006131000-memory.dmp

Filesize
4KB

Download
memory/5644-5261-0x0000000000210000-0x0000000005998000-memory.dmp

Filesize
87.5MB

Download
memory/5644-5251-0x0000000007E00000-0x0000000007E01000-memory.dmp

Filesize
4KB

Download
memory/5644-5231-0x00000000060F0000-0x00000000060F1000-memory.dmp

Filesize
4KB

Download
memory/5644-5234-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/6524-6549-0x00000000060C0000-0x00000000060C1000-memory.dmp

Filesize
4KB

Download
memory/6524-6571-0x0000000000210000-0x0000000005998000-memory.dmp

Filesize
87.5MB

Download
memory/6524-6560-0x0000000007D00000-0x0000000007D01000-memory.dmp

Filesize
4KB

Download
memory/6524-6547-0x00000000060B0000-0x00000000060B1000-memory.dmp

Filesize
4KB

Download