6ae1a778523203660d1c300dfca88c14e2ea012e417a31238f6b312cfc3902f1

Analysis

max time kernel
505s
max time network
572s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
17-04-2023 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

firefox/browser/features/[email protected]
Size

371KB
MD5

3f04924cdb78db0d775211ecbd6c140b
SHA1

84b80f51cdbeea58bf47c0bb3a331980d1ba88e6
SHA256

8c538e2b8041dc4f4da48c7f241b9aef3b9c38ce5b4d9d3387489dfa46eba000
SHA512

a0f5ac17360b7a97282affc27177ee07052df3c112a0e57a1d88d91a6bb8651a37dbb0055c6c5cbcb60799ce15ac21f1cb69ce00137158dc847705e1a7ac2fbc
SSDEEP

3072:ChFNVI+Xx07LmvripM0+Hhp1PDkcLP+RXiJ+vQqp5HW:EXkLmvOpM0ehp1PDkwmYkp52

Score

8^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 5 IoCs

pid	Process
3464	RobloxPlayerLauncher.exe
4204	RobloxPlayerLauncher.exe
3520	RobloxPlayerLauncher.exe
3632	RobloxPlayerLauncher.exe
4980	RobloxPlayerBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\InspectMenu\Button_outline.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\roblox_http-request\http-request\HttpSession.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\PublishPlaceAs\TransparentWhiteImagePlaceholder.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\PremiumUpsellDeps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\textures\ui\LuaApp\graphic\gr-profile-150x150px.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\shaders\shaders_vulkan_desktop.pack	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Shared-a406e214-4230f473\Shared\formatProdErrorMessage.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\ContactsProtocol.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\Analytics\Formatters\formatRecommendationContextType.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\VoiceChat\MicLight\Unmuted0.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\installReducer\IsUserFollowing.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactUtils\RoactUtils\Hooks\useLocalization.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\__tests__\UnitTestHelpers\mountStyledFrame.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\PlatformContent\pc\textures\pebble\normaldetail.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\JestMatcherUtils-edcba0e9-3.2.5\PrettyFormat.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-a406e214-4230f473\Scheduler.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\temp\Text.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\tutils-04e2814e-937da4f7\tutils\shallowEqual.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\PlayerList\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\textures\ui\LuaApp\graphic\profilemask.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\ChatWindow\UI\TextMessageLabel\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-4ad47a93-d2d12716\ExperienceChat\ChatWindow\UI\TextMessageLabel\TextMessageLabel.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\mock\mock\Matchers\toHaveBeenCalled.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\UnitTestHelpers-5ccc87be-c56e1d8a\RoactRodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\FriendsLandingHeaderBar\withHeaderBarRightView.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\VoiceChat\Connecting.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\Settings\LeaveGame\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\textures\ui\ImageSet\AE\img_set_1x_1.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\Cryo\Cryo\None.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\mock\mock\cmpLiteralArgs.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DiscoverabilityModal\Dev\TestUtils.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameProtocol\GameProtocol\GameParams.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\sky\clouds-bc4.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\ShareLinkInvalidModal.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\AddFriends\EventReceivers\TencentAuthInfoEventReceiver\mapDispatchToProps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\installReducer\Presence.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\TerrainTools\mt_paint.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\StudioUIEditor\icon_rotate2.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\Emotes\Editor\Large\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-492710c6-1e7909bf\RoduxFriends\Actions\FriendshipCreated.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\FriendsLandingEntryPoint\getFriendsLandingEntryPointWithParentContext.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLandingTestSuite\FriendsLandingTestSuite\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\MenuBar\icon__backpack.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\link\core\ApolloLink.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\Context\getWith.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\requests.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\PlatformContent\pc\textures\wood\normal.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\ErrorPrompt\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\ui\TopBar\HealthBarBaseTV.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\InfiniteScroller\InfiniteScroller\Components\relocateIndices.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\JestMessageUtil-edcba0e9-3.2.5\PrettyFormat.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\ImageSet\ImageAtlas\img_set_2x_9.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\SelectionImage\Components\Toggle.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Template\DetailsPage\Enum\ContentPosition.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\content\textures\DraftsWidget\newSource.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\ProfileQRCode\Components\ProfileQRCodePage\ProfileQRCodePageStories.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialReducerAdaptors\SocialReducerAdaptors\devDependencies.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\Dev\TestUtils.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\wry\trie\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\ReactTestingLibrary\Scheduler.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\ExtraContent\LuaPackages\Packages\_Index\UGCValidation\UGCValidation\util\createAccessorySchema.lua	RobloxPlayerLauncher.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262562491651552"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 51 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-9898fbc5d6bc4b1e\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3060	chrome.exe
3060	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
3184	chrome.exe
3184	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
2620	chrome.exe
2620	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
524	chrome.exe
524	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
3148	chrome.exe
3148	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4752	chrome.exe
4752	chrome.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe
3464	RobloxPlayerLauncher.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
640	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3060	chrome.exe
Token: SeCreatePagefilePrivilege	3060	chrome.exe
Token: SeShutdownPrivilege	3060	chrome.exe
Token: SeCreatePagefilePrivilege	3060	chrome.exe
Token: SeShutdownPrivilege	3060	chrome.exe
Token: SeCreatePagefilePrivilege	3060	chrome.exe
Token: SeShutdownPrivilege	3060	chrome.exe
Token: SeCreatePagefilePrivilege	3060	chrome.exe
Token: SeShutdownPrivilege	3060	chrome.exe
Token: SeCreatePagefilePrivilege	3060	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeCreatePagefilePrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeCreatePagefilePrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeCreatePagefilePrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeCreatePagefilePrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeCreatePagefilePrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeCreatePagefilePrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeCreatePagefilePrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeCreatePagefilePrivilege	524	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3060	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 4256	3060	chrome.exe	68
PID 3060 wrote to memory of 4256	3060	chrome.exe	68
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2816	3060	chrome.exe	71
PID 3060 wrote to memory of 2120	3060	chrome.exe	70
PID 3060 wrote to memory of 2120	3060	chrome.exe	70
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72
PID 3060 wrote to memory of 3888	3060	chrome.exe	72

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\firefox\browser\features\[email protected]
1⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaab5b9758,0x7ffaab5b9768,0x7ffaab5b9778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1784,i,1267316393438170679,7710767322015028462,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1784,i,1267316393438170679,7710767322015028462,131072 /prefetch:2
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1784,i,1267316393438170679,7710767322015028462,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1784,i,1267316393438170679,7710767322015028462,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1784,i,1267316393438170679,7710767322015028462,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1784,i,1267316393438170679,7710767322015028462,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4276 --field-trial-handle=1784,i,1267316393438170679,7710767322015028462,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1784,i,1267316393438170679,7710767322015028462,131072 /prefetch:8
  2⤵
  PID:708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaab5b9758,0x7ffaab5b9768,0x7ffaab5b9778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:2
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:8
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4372 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1588,i,4894263592744356553,17706259793350773907,131072 /prefetch:8
  2⤵
  PID:4376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaab5b9758,0x7ffaab5b9768,0x7ffaab5b9778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2676 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1764,i,17435162139092061335,577492469784803704,131072 /prefetch:8
  2⤵
  PID:4960

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xb0,0xd8,0x7ffaab5b9758,0x7ffaab5b9768,0x7ffaab5b9778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3756 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1752,i,11920235669503219046,12039450272302968009,131072 /prefetch:8
  2⤵
  PID:2988

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffaab5b9758,0x7ffaab5b9768,0x7ffaab5b9778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1760,i,4570874532513703037,2578521653081789395,131072 /prefetch:2
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1760,i,4570874532513703037,2578521653081789395,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1760,i,4570874532513703037,2578521653081789395,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1760,i,4570874532513703037,2578521653081789395,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1760,i,4570874532513703037,2578521653081789395,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1760,i,4570874532513703037,2578521653081789395,131072 /prefetch:1
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1760,i,4570874532513703037,2578521653081789395,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1760,i,4570874532513703037,2578521653081789395,131072 /prefetch:8
  2⤵
  PID:4616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaab5b9758,0x7ffaab5b9768,0x7ffaab5b9778
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4944 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=948 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1616 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3384 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5336 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4992 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4676 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
    C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6dc,0x6e0,0x6e4,0x5b8,0x6ec,0x15ed584,0x15ed594,0x15ed5a4
    3⤵
    - Executes dropped EXE
    PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3372 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1744,i,6025247479306970404,16808236426741538264,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:laWi7kjpcbkCIGsxGZ8PVDZDMeXleXR8SULVFK1gOvVwtOTgPOsGexSnLXwEwJ06DTMbieRd-_31zYZ0P1k73r8-CxbKGiSbZyquyfnn_XJOewgMObcsRsrb1s0ZEiJ1llgH2MuY0BRV_8lmpIewDdCaioUDgpnPz6iJpX1KRP36CLTcONtObVIGKYKOaUXWUfhCHyvtu50_apzqiSDJTNMxGIskeeMDB8NTVotZx0I+launchtime:1681783020492+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D169558849587%26placeId%3D189707%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dfdeb3ca7-0a5b-42e1-b1b6-5bc5148335f7%26joinAttemptOrigin%3DPlayButton+browsertrackerid:169558849587+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:3520
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=e97527f1946dcde1ecf49aa2cf30d420185b368c --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x674,0x678,0x67c,0x608,0x684,0x136d584,0x136d594,0x136d5a4
    3⤵
    - Executes dropped EXE
    PID:3632
- - C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-9898fbc5d6bc4b1e\RobloxPlayerBeta.exe" --app -t laWi7kjpcbkCIGsxGZ8PVDZDMeXleXR8SULVFK1gOvVwtOTgPOsGexSnLXwEwJ06DTMbieRd-_31zYZ0P1k73r8-CxbKGiSbZyquyfnn_XJOewgMObcsRsrb1s0ZEiJ1llgH2MuY0BRV_8lmpIewDdCaioUDgpnPz6iJpX1KRP36CLTcONtObVIGKYKOaUXWUfhCHyvtu50_apzqiSDJTNMxGIskeeMDB8NTVotZx0I -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=169558849587&placeId=189707&isPlayTogetherGame=false&joinAttemptId=fdeb3ca7-0a5b-42e1-b1b6-5bc5148335f7&joinAttemptOrigin=PlayButton -b 169558849587 --launchtime=1681783020492 --rloc en_us --gloc en_us
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    PID:4980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:660

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:4088

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:4052

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:1436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4312

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:4340

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:3464

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:1224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ac
1⤵
PID:2696

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:4844

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000001901D4 /startuptips
1⤵
PID:4944

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
PID:420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
3e1634906e576e71becf3b0084f3821d

SHA1
2fec3414a7f154e7166212bfcd0cb300fbf1a846

SHA256
c041f06838dc23831f5cda5e27ed0702f377df774ae03eedab0d8468fa902eac

SHA512
e084c0e0862952db7a77cef1c6a8d6ad647a61058ada42bae96c8c7e36ec417830a9b26f370f95a271db623cc861ab0f9a3f26f793478dbeb3b706e28370007f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

Filesize
114B

MD5
9248658389d31b1d659b0bdf148335a0

SHA1
c4b0c601c7b180164452364844d7bf1fadb13363

SHA256
925f771dfa60f7f5213e85eb44a0d89d1dcf691b40f1f7e039a4161577047322

SHA512
315d880173ba602090b55625ddb6a9dc9f795aa7d8756d4ed296202a5780856c7330094bcaa8e398054a7d68eadfa9ab26773533308ce8dbe2153fb12d649ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

Filesize
212B

MD5
2cffaecbac417f7715c9dc4e4db747b9

SHA1
67840418f67ec642b3dfbf26d3abb78d92be550d

SHA256
afc42c72ae96b7d2906c21c6bec271f4fbea8609ab2ecbe4bfa4895846333a87

SHA512
e0cc4f45c1a7bd30d7693517aa3f75063ac8bcd18f2ef4430d11822f07109550aeff2ed8d48c068ae2a8b48b9b06a4b4e6e8dcae258ea857ff32206c5b105854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\0d5a0c20-c024-4949-a23e-7ba8068fc6b8.dmp

Filesize
1.1MB

MD5
b13323b22261156a1fc5abcec9912543

SHA1
a97039b1da26146997720502dd596d328fdd6b91

SHA256
97e1b8e3b6440ababc64d98eacacdef705181b2c4ea3399234ea9ca4f00440fe

SHA512
bd7b5bb721fcae57ed2b4598d48130781515fe1f4c4bdf77ed4901cabdb207f9861359f048f34df4f6018c8d8a393bece1e8804a418d4e74bf763eaae809dfca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\6de5df31-27a3-4cd1-95a9-c6fb6a909b08.dmp

Filesize
1.0MB

MD5
812eb726889358053ec1686786becc57

SHA1
e1460d8e3c018006aa63c8ad52f14157a4e82449

SHA256
5065b4b6ab5481eb209dca83eb91c7782c846e9cfdf918dde4745369ae36b2d5

SHA512
23654eb3921760061527027514dfab8cdfa313160f685691df9086a8e1e44261ad6ce1c7cf8a99e1524fae266f01c8a5eba9b83e8e3835289c6b1de88c3cb57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9a9de471-fdd8-4811-b0ff-fde222c7b2a7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
eb2e446fbfc4da347a16f6b2b2f34fac

SHA1
603984e74d7a64155435d44b920a0b6cb216d7d9

SHA256
f7cfc97ddb87aa651bd140f333de59c6b88eb0b35a98f4c11dfbfe7e0c666dd1

SHA512
6b1244d5dbaf2ea41a386a99e86ebb79079cad22efc45c112a39ddbce16f8abbdb929d7f3094f7ef4736844f300c583968f027ff09327e605d572ff07a19c0ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
01d0a94f1809a826224c2bf136eff7ae

SHA1
b0706edcbfe143a57e3e77b0ca9c95b5660742f6

SHA256
d3f0c87e275b3fc1cec11edb689ad1192a24e725364f8898d88ccca000d6ea54

SHA512
7623ea0365f77b860ab39c3bc643ab37fa86a296c4288b7322d12b48e9fbf6f141026da2557f35a68c23da3a85e9b4d712256844d6b0bb66bc5fc6504c408c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
a9ae7cf3ba6bd1c50eadfc071abf7aad

SHA1
c967cbf9739dd0db7c820154202d749cf7c2450b

SHA256
907fd7bec607fa063b0f7b73c016c73f0313893f5affcbf3f45188072040aebe

SHA512
50e65a6d961af0ee99866c0e370da34a64d50042570a01cbae2b08813a93e94ba88807c747457d6059656aeb68ec0b1dac52034075a06c3a1120dafab0c4cf1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
f1056d02ae5fc578512dcea06f8a0a98

SHA1
acc422a521cdecde8cf33dda761e7d108c145e2d

SHA256
02e7b25991a5ecc3fea693becca05a005f6968e904a002ca425b1a5e40a2f90b

SHA512
f7ca3e0f242768ae6539d45d6782907154f988451d67ff643f90cb08879546578432c0044c63aff8f5f4b027408ec5167857a8a818a76fea3f59af8545eff5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
48KB

MD5
66d514f7a4e15967dd615da85477a4fc

SHA1
c5a54d294d0e31d2af5f0aee49e2b762d343899b

SHA256
862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a

SHA512
ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
117KB

MD5
044aa2968817aa931541f010d683685a

SHA1
8e9f3f4b305056e5cf2925f17d4d02a909757edf

SHA256
6907a6a7336439e247477060e5f5472364386f5151a7487519076c71b8be1b3a

SHA512
dd70e489d1fdac8c84671d09396f990258b04801dd1e1aea3454b1ae78e4a51a1e8a974ade09cd565ca9bed3ff71f9b384b571c6c310c3d0412ff38df566bead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
65KB

MD5
0245f9dfb0b17e0214671ad804d567bf

SHA1
3f156c3667fa3b44a303bf6bdf37106088a1bd60

SHA256
6b59a545a081d458fbe500b1c7f9dd0e609ddce1df87f7cdbbe806c5972a83a2

SHA512
41ddf225261efafea77cfedab124aa9648d71e5035d5a7eca78cac78b9243828b4d28f1672c5ea943dc454f3b3061303bb886618c69922fa5dacebe58ffac822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
47b00bdea680e83430e00187d0fce6ae

SHA1
48d7d0a50d7fb8129204aa7e19105311f0942b40

SHA256
622a1755096abbbee557ae0d55adbcdcbed6c1710b45d0206617c016691b0120

SHA512
cd54432e1a381bddf99452a245c4d45a8f5b45eddf10f88dd42d9ad3500d2e10f4b0fe75d86d8579375c291bba29dcee9f85792ab4e1704b46011626417abe80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
03184b0cb81e95872a6c7892e8ba498f

SHA1
0fe13eaa11bd6dd84752d00d7c6eadbebe5fd65f

SHA256
49d2d8fe910e8a78f327d9f33b9a923132fa0b043cbba7c8b896a0342e8678d0

SHA512
7cf4136d692310c83faf45b816a337b22f770a9f16444cc9dd1e660b519d904035c78f2b68ad258be723254147595a8b446045c593207f20d58dc079fc03c808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
587d137da7dd95b20266e5a199be67ae

SHA1
54ad7363ed8de8283a39bf1d093b9fe40ef08dfb

SHA256
a2af0eab9df447fbca8df05db5b2edf6ae590a6196d2f23bccd0c32aaac3a067

SHA512
9479eee16a9bca1e67ae1e5a53d321a60b6cd7c7478b6383b9b1cc42bf4ccfdf71c6dde63b05162837c0ce50d0baacade3778c894bf5e1c18c40c25b24cb323b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
e91cd67ba738b180a6b950fe4adcd4a6

SHA1
f6593478fe445236afd1cea0eb23b20e8e2a749d

SHA256
ede206a1c3325dd3e2baffab2800e158fdb422792a045267b6e70b650e9008dd

SHA512
4843a255d70e8f1827572bb78a16feb42140cef361ebaaf950ec3468b9fe75659d9b66e725323cba60d692dbf94998624b65d58c998604df7299911d08376838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
b18e8c012955d1edb800d5e60d906608

SHA1
d87db09bb9788dd318a9a823a63198e1aa9d8b85

SHA256
04dc6731112c672ce177f99d1d0d1e619887170a6c79367b4d3f211a2a4e08c4

SHA512
de191e715f16a0b4c9571cbd65c121c5121080c65f37370dc61f063f21a37e45bd3d332c7f58f0c879135b6cdbdd7ab85073fd8a3b77fc826c8e4c517daf577c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
773e28ccb024ead5b18a5eec4d7a1662

SHA1
73ceb6784059c9804f9cb55f38878d9f7d2414ea

SHA256
d6596ff5a03edd354d9ceab00a10d4f1ee2a9317d6590d0da53412c57a9d6ce4

SHA512
854447904abe4ef57b59a997462a0accee723a6969cc3fa8ce835639d69fb811905b363db2a6fa9a4e27dd73e74500cb82423211c9d0cebc176ccff985604548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f882cd43adea29e7e5bcb4c4a11c677d

SHA1
99875ab7436e51992ecb59e3debbdac6d24dff7e

SHA256
e223c9ccd26ad4d8deb98c909d6fd080f30f649e70a394b70a96eed6683a2c56

SHA512
5ccd7fdde4c725762b28d2bbde5bbe9c81b68e40d61e6e7e4f1bbe98dc9bf459a9de4b2869ff74c2a4ef99ec69e3c5eada9c33048186ff411b314da84114997f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
56bc9e0cfea22a41a4e4570a260a9270

SHA1
fe182fbd175cd3dd776966916090a525a512b90f

SHA256
59530b5ffeb55d6d7276fce812fd402822e58423fa9e8a7b448605151a03a1dd

SHA512
81e25915783a3e0f7a8b049875b47dda110fe776395516c876da368fc783d5268ef27e057c0e42bda52ff1108ae67ebe5298177bcb3ac24abfd392217b4989a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4d895ea6fe44203695a169accc7c9394

SHA1
9fb073d0c6c4e70d201d1d1b4c1e8878bf778664

SHA256
d155809f1c943b1254f1389273007fbca2b25f910538db07d06a0bdf9d3b3f97

SHA512
2fbc0ee792eb00849adc9ef87b02f5e1d81824b527b3bd7b64c6aa4a40a635f5470775ad80722cc16e8a7a7c8a884f3eed1c08bee3c7af7c0c4e1f507db610ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6b2df572fdb72b97238f9b04108521d5

SHA1
a73da75fe2840dbbbc2d360b39ffae663ad95150

SHA256
fd563a75ea5d35ba272412cac03ad095420c490b69947b3247c56e8e6c53ce0a

SHA512
3ddf7cab8316ad426335d612603b87f3aa6ccbd38d93cf8da4a24a3b2b6fd3ae80cf4b0c16b0f85715765c32842728ec3b93ea87e0575ed5b7826ab5a6f7989f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f51a1b7e85d4846a4761234e237d72d7

SHA1
51b77e7dfebd9dccf5e1257eea7bfa8aaacd5ad1

SHA256
9e15dfa13d2921ed4cd0c39017f5774cb85a8fcd587b1131dcfea4520c324a6d

SHA512
f4d84022575378c3b949257ae3b95857c3f186a9ca3546a9516dcb94a4948de5103b411069f6177cac7fde7c4ccd670cb81e7ecb9eed4fc1f676fc6204324fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f4f8e5f5970c13824dd84e353e2e0999

SHA1
2bb9489690e3f87a55ae72478c4539e24f38800e

SHA256
e131174e06d54bf58644ea4799ac95e500bc58f6e142da2d377bb9d31f9a2125

SHA512
581ae1cca0245f8bea6e6ea8f3f00a217e3058a657f83da93893618c974549a202dcc8782c3ff26aebf6cfc3f8a087d93f38b0b6de496fc11cd95220bd8a47b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4f468c9a0f78f9135c4b067ec1134aa2

SHA1
5b5ba7b8fb7f0d365d032934f1da25682e91ff00

SHA256
399b74e3d192d39d1e8aabfbf06201b2ad0a5c661910d64c9505b205ecd37fce

SHA512
35abcf58356195df026688e784630ab7110a20397e852d15740f3f9d78c97535528ecb39e747a35abacd8d80b0256dd56cd72e105f54066731587ee92f1d7532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ac19e0ac23dbfdaa853ce89db3ae5e28

SHA1
04100e8f8fba88faa011df8ecc844e41192a9f00

SHA256
7e1dd73b7562dbd1cf2e442913484d238678e08e18b63ec191b0108313bc1278

SHA512
015dc5241fda709d7c1c15b90ddacf2fa6be4a51c8481925822a64036fab0d2fc7ae5c75c60fb90445512fdc45a1c79c0e4c585d6f2e552ba7228f8bb08b1f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
21b6f5284c2d475dd96714ee645d516e

SHA1
8e20c9ce929248796a5c8324f383255c7d521e95

SHA256
4e7d01bcda7ade6e003a32de018d65e3384e87763f6f6fcf2731e57d35259819

SHA512
3208f2922945fd238fb55062c0f321449b63f1102e777ad611238034d6ced3e0874f9c7a2e2e66fa9c2db9e5d823f6124a061a02ef7db003ff72b80aa969ba3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0cef6b838ad126c09bea53178d7436f3

SHA1
a58a45192448f2dab4e75a389cc13413168e4362

SHA256
9b1a5a496154a8a221064ef85c7871b2def3ca099155b030dd795d6a172aaf33

SHA512
645cec5bd22092dee72249856654e7f72c1748a1cafde2260461e5c4468f97f949b95843e4e64c5caf9cab2b3f34c43db29d6290285f531965365c58570a0d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
542c2b760492ad38f656e840dacaee2a

SHA1
1f9d0594e95740cd0d80485ee81c3a9a2d9296b7

SHA256
c66a8003f48629bd076f304ebb0d775b3bee9783061206f3ceaecfc542f0b661

SHA512
d22486cd3b5dccd6e43f708fc338f0b64be73938f1dc7b47bf63b82451ae0c42d194d7cf61f123545b529a2454f95b9d1f3c0165a3ab2cf9f963bb80d34150d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce1a7525bc3f288efb49cfaf75816290

SHA1
c12995a9641d4d65206569099d103e47ab9bf07e

SHA256
25576de60b0a24d956948d249b1a942cdef0c09ed04cc6ae2c7bd76912b06607

SHA512
e494e553eec52fe1c567e76619e9444fd67b461558928333cf4f730514ae6c97de7b4e31adbd08fe6c85dba77b7ad746dd1734d6c66ec76a0220120248cceb67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
20e4619c385a14e8f5d12e9e57934a79

SHA1
30fb7a905f679bf26b5e3351edaeaed9ae42e3e7

SHA256
fb115980dd47e3f1a93a3bd3ccbb5584f4adb2f5314a616cb882dfd5068962c3

SHA512
5d96dc995323911b0a5d5cbf3882c7361d54787d400df2672ab54053f05d66548357271a0689e6b8591d1cf1677d62155ccd73460f2d4b42017742015d5f385e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
01a577e457b5a782ad72f212303ea5ff

SHA1
ef8453a38369f432a79c10931ab40027b8df1d67

SHA256
6adba3b156f3460172e9337841774b02f7fafd8391572da2d53ab4cf9e110e5b

SHA512
f22a7a8900bf9043818154864ebbf9a88dde77c9b8ae8232d1d10e7dbbafd60db8d03cb2640c06d967cbdbd1dddc4df78e80dcba6d734b3933ce586c1a9c9a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
20cdfa1074e87da412ae94ab7cd5cb66

SHA1
4a1438cc514b6c53aae363a2dd851a8088a5c8a8

SHA256
0aec35249fb5fbc967bfb477a938115d6f497b76987f2324e89302e3ccff76c9

SHA512
7abb59e6ce62c72977962e1959cfc64f88d22e19f81baf24dc9d64786a1ed64fb34af7dc2affbb7b92c2b67a35baabec4ce48b3077c191c4864ab568ca67df63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5e24a7268ef9a1218f0e13543b6872f1

SHA1
913e4ebeb9bbcd01928f2da6bb0d2f77e75dc2f0

SHA256
23b24e216775ec44fc49c5a2087dec256dc4d633da7902d467ee6282403033e9

SHA512
805dc1f4c88856405daf3126b32c477b1811d263ad95bdb7f71ec60a3a3b2eace398eeff436518c2b87d82083ecc958bb7e75da7a6246fb3d2d5145ecf0fc451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cf9d839a8b86b319a27ee3f1e80a336b

SHA1
4717ab4cc75aa2d9446d56a62e228a0851cfc258

SHA256
e558178736c8a332021716be3b2a3c7d48e9d6ae81f64d71b1be62d92cefc3b8

SHA512
f8f3d662c1b1d67d6aed738107b3c3aface9377c0e705126c1c39f3bba2009cf00ebec066352af0fb9752da99a28e8717e408092245f9d598b0995bd84f10b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
17896d84563dd9dd2fda7b05ea47cb11

SHA1
814d301674b44e831bb68a31bafa2a12cc19f5eb

SHA256
cba20d35b8ee6f690729a40696f947c0caec52e7f990d82cf8f264e47d694fa6

SHA512
fd841b4122990c92f27884cd0b4002f02dad46b704d5e0f5372fec2e7bcf4dace33a84aac4cb0211e9a1bf3223ba4423170895fffc0f697fd010d985699a4b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
883765b3b2a1288c6918a8294bdbc31e

SHA1
c3e5821ce6e41fe7597bbe99abcde5c0df4c2b3c

SHA256
298b4784fef870adf040204f2b26353aed6587b93d6f795596fa89e28a058594

SHA512
1717b392b845f4dea23fa15176ea631dc22072e6965d1727e49fd22e82c18946cd60f9cdc0ab91ed4b45d99a32a5916ae48093b3536102f80457c1e28c20ae4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5857844356eabf868b2afe70cdd2368f

SHA1
0b9e939adf9cab81cca6778b974952af9395c255

SHA256
4d98aafdc838cbfeb686fec3225c38447c1c72567fd456aaf09c0665f029c6a2

SHA512
c0bba24c74e2f46ab3fc7b0fb4d1535b516af2530bf88b66e946abb30fb03b4a3858847a116d00ce8e4ea3e8125e030b4f3097d6d6f7d8652ed6cfa1f7c2f979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48ccd6494a428b61c3746f8083b0c4e6

SHA1
92f096837240b48c077110a2a01ecf735c7831b0

SHA256
dea4fae3bab677479a52dcddb7c44a959ea0ecc719343b281a48a42952d8e374

SHA512
ce9a44ed031ed4f5d2beacbcbc579748194e3798884ac704490f47b00498d790ae8b3c56f4e8077ccf5b59c28b9f5297e81c2d4425406787efa4a0511b71b559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a6e8a9580d18b3e4431b0ad65ee24a9

SHA1
93dc78e8039d23ba88f34ba0ffa4aeaeb0bcfa56

SHA256
933666daf8b6d7a28ad89865a458858e50c8a16ec9f61c92e600520ac7745445

SHA512
583f89fe694aaae0fb2b14bc03206ce1f226b13b4e51742567fcbd015cc0d0df48aa995d059f674c95f5d535ba347dc367e1599ffe7b2338e75396472101f174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb01a412e24667b5e82a3a80e4a2a758

SHA1
2db66c67c1689c6f74161f05a93d39dc6be859c4

SHA256
f87a9389c7c8cf77ff79f108161118a6945e74806733bd6140e14803cab99b9d

SHA512
94faf7be36844453404c15ca55d8e33571a4ad8aa788d83283944d55497fbbad2b4ac0833a2c2dfd9ef832f9f2a08866e3d45c681cd894ae66a23a86c5919223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d2ce4cbfdf2b27d74f83f772c2ab55d

SHA1
526e94a2a913f6914fe90a3bf9112398dfdb2ef2

SHA256
4c3f9bf1c2fbfae30a1944b9e7e4822a015bad9b230d5e57aea2c8e4c06c8739

SHA512
673e65bd3f1135b6ba2ecf170d279c1d100c85c98a14e86c57cc701aa184ec3b98e7ea8312c191832306733beb3edcbad0f4f2ef62bdc001d586b94623e77a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aa2ac75e1a76eead43da0eebc27e77ba

SHA1
23a2e0f694a2ec5a77537dc2d195838ddace2aa8

SHA256
23dd8c25ecb253f5395547fa7d3f0f12ebb9306a7f2d04822a852d1b423f9e34

SHA512
e1de69cfe8b17dbb3283a4abca04a351026182ba04653a533b85351730fe9fafad48fa2248df1e07bf41c140935a1a566fa9e59f858e809ee697fd0b630dc20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8bfb3e69d1ace4ca7bd459e0e4e6d705

SHA1
4ef824d420b74a43d7746c7c34e8068fc5af5bca

SHA256
ef98462fb8e813217c6d90e8e680fb637497d69aec7985aed7da79ffeacfc7cc

SHA512
5de5db23529680582b814233fa7bae8a08cb9c21ecf6f55084f12b5e3ac01a4a7b36ef5ffce578405c4bea107530cfa409c9825aa5608cb05290ee35d072c834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fd4b73e258c21c2e895f600bf84b1ecb

SHA1
c8530a6cc9f6488125c12555a9b076a08034e738

SHA256
d6d85f44ce405657f868aef0542297097a2306e1793f91a550cf3d795cc376bd

SHA512
429ec22060620a56d3ca85e255a0f0115a543ae741453dc94769bd0a928721a78a6dfa184365a8b58565e0147f728100fc4326f0e05c19414997d27797dbf86c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
78767617bec5f425a240383696b8f4aa

SHA1
baea4a79774c20a0853c11a3d0d2014c47543927

SHA256
56633f313ad5cd62e4bec9adf5cc6a64d9772e88ba0839020c4c44be79497ffb

SHA512
d4cb1c6b2d3d9b218ec24b2e1108ead058c95caf2dece91ae1046b0f93f2a69df9b285bb1ff8348ee07da4032a48ece330d83b2c73f4db4457331411c072895d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c33850426223e8202253d55ff77505b5

SHA1
3d0ce01dfa9f9a6fe2ef2f18363a026c3b322d6e

SHA256
9d6e903a58a04b539b3a3ee885cbc12eb8b8f8192b5c760f2a3c1e661e723035

SHA512
5d794ddc8b18b61feb0f4014f9dfb54ec2d3ce27b6dbd7e778b17487817ef8cbc1ac4840d098ae2486140d183d5e9e8b440e736bc9e0f48383c14c0636e86415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
553d0c7142f4d885dde115619c7fb165

SHA1
15fdc9f43b0c35b53ef9b3b653774b4dce71ce22

SHA256
617b0d302cdec2adc15b39c5fb0ff12a5ecf60f4c9af94cab6727272590ba7e8

SHA512
c33ceefb6e6ba4fa579d5c20df9000fea5d91d2ab7d43c9afcacb703a949cc6533043192c4d21868f5b96c172f3ef3bbda05506c436fbb28645069e1f083eedd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
519349e0c9bd38063f5b86e27c1f99a6

SHA1
a87b0c368cc0f2034f4934935d323dc2e69af4f7

SHA256
8eda8fa64fc0e55443991717c564f4ca30c6098e51160579892ab4b1ea331610

SHA512
0893337110756272d8258041fc93ae8894d7113559c116a3a25bedcfd50596ef357c027064b82bedeb09f87f37b40934e9cef546439eec9d079646189afcfa1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0897d1106b568a7e370788502d494661

SHA1
124cd9edc0ea7c074c89f14bc44e6b271b1f4f85

SHA256
54db77f18f87883f492ad9ea397f95943be66d9965b2e2394235b3804f4bf6a9

SHA512
fac2c731918137a58bc3285f7251f6393c314ea7f002ba9529500ff7216aca92720adbf20e00f9e6ae42912d2a66e52daadc0f1880aecb97bc02d12d47fc1937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48f6cbad9ad847d58d283cb8e1b3a1fc

SHA1
ed5fe278f5a94419dac5c169b76a291133a301f2

SHA256
b48862a6fa55f966bb21d855e0a165d08f5a5f3e8f0d6c8469f8bc8a48680812

SHA512
33eb58f9ab2a41463c4e42773b7866ad05b6285ecc03ef49fdb9ad52ce591df813bf3c78ef9399fa755ada1264e641b2c2e20fcd34cfa062f30281efdc51ffa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d44dcc99d26e5623af4af9b88a8889a7

SHA1
fd5bf4fadbeea1561f2ebc27bc97a045df47b155

SHA256
34927009fe9559a5fc4e1e5f8afb61eff093c6240632c9537bece3293fb76f34

SHA512
2a0d439eabe4c79ddc12259a748d05fe6a448cf53f3d364bd7d7d61766b283724d423808eec7053b3cfd734cd116fe89df2e0d07e9ee4672a623c39a9c393a8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
0cd7b75687325a027bece73fdf19422a

SHA1
c7d33ce771a9b197f46183989caefd45988b7a17

SHA256
256d90fc1a1d381eec5e6918dede3d8ce5afc0983581d75bfa35ae6b1cab31f3

SHA512
f5eec2aa3b79ae873aaa07e658faa229e132bf37638b5870a4e62c90808809ea38f8b3ca4b11f503ac066c40dd8986b442d349d98a4effc85109c34b22285e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13326256233906563

Filesize
2KB

MD5
70eb2a2afb797dfd0b24168c5a7bc437

SHA1
3c56bed232552f410a07e93b167c9c28ade86ff3

SHA256
5894f54df50dd225980c5cc4630c272a39c0ccce2d11cc6e1dfdcbef2a8bac53

SHA512
cd7a4318f55f8de3e0a8f89971d07fd53fde762f235caaccefee9855be6130669c16602cd33b6c40a0b0d52c8b511453816a718d9af3f8b4a50d3be599f37460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
062c9d8aa3dac2ecaa751d0613c5ed79

SHA1
f32939bae7f0285234e867f36dac051a3c0abd51

SHA256
459c6e81512f19d02281f42c58004f79393548a38706f63e67f9091029742864

SHA512
5c1ec1faa849427660890e87e6b7de5b0d88346d13093e61de01d4a7db8d98ba2fd0ab5c077d8eba07b9280b4cb35e2c4cec3b5acccfcf6755764bf085ca81cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
50b0c169e59d1bd99900780d22b822a6

SHA1
cd398cc014d2a725e62a108002688e59f4c56602

SHA256
99ac14d256609bbdcff3fadefb0bddc9efe16bc41c78df608d5213e1fdf23052

SHA512
6985ccab9c810113604ab865245ccd1c4217e3f77faf5a280e60adc13419b868268cc08d105461049dccb552908a7ea74db5c4a83406fa21da48e0ea0f9fe7cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
4a9969b9ae1b9da0d1dfa5e03ef6be1d

SHA1
b85ed2c4da702c4ec6e64be72b37f0f5f66ef5af

SHA256
9fbd836ca91956b05503415d067dd79b60757c90d84d88e0c4720b13bebce132

SHA512
f547a07ba13f35960ff55cc8bf1d2884d12b75d6a5a8ef43b86cfc39ddf638cff25eec233e75e78af7d48fef6470d418dd1c2b409476875018811df8c7bceaf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
ac976bfe65c84adfdf0edb48134a7b14

SHA1
400fd81572a4737f9e34f3854adcf9e76b00e8e0

SHA256
bfdc6eaeb4bdf98c0d6fa43f218cafc0d67c83dc5bcc321536960e266249abda

SHA512
bdc51e3ad526b89b658e99e6ff0657029d43f7c1304521311a4699761b1745cbca1435c1c102ae432b69647e04df9586c832dc9d50f8150c4d9af70c1c94fdd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
f7100a52f44a3f3535235241cbb52806

SHA1
a4d845e7867878390b6a953fa60d8e2446df8f90

SHA256
7b6de8a8df41cab10661c9ce4abf74a1a52db41a65769af8891f60137f679fec

SHA512
d0c91a3e7d901b9b652ac42d0f3e54cfe3ce624c86443aec5a17e9f9ee7f114b27f71f885178ac33cc7a96cd491e5def40011904182fb1c1d5bb7f7b1e451d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
694B

MD5
9d604afe0492c187fd818e6388f96459

SHA1
32a29831ebe3fc893a8bc546db5355688faf9e28

SHA256
c9dbc4fa36e91abf2eccbf52939f5a883e1067b85809a7589824a1d13fb77a8d

SHA512
12b67da233683a53b06e11f054515cff116985ede68d83740db551ad9b04bbe4c02d1132a76a1bba8640faf12efb70c39d96ee5e167054b9009dc71c71556ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
2080c97331fee5b1d2128c376c08665c

SHA1
87dedf14c1bd5dec7c928342c781473eebf5becc

SHA256
0b612a073ba62a20586c695e4bcdcfbea058ec4b3f9f430741e8341af2a8695f

SHA512
2a843455fcf8b2157e0cec19ac98a2b7557e87ec540b4c726633ee60d6dd8394e4c30efad4909fab5ab3d76cf211cb1115da17f61471dbfca06bdcc0065fa11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
799B

MD5
b1b37dea7eb0ff6d19635aec1a1dfe00

SHA1
a316eb8c5194b7189faa768bf3c8ecfec04d5240

SHA256
78a81d5f95db6c83c5c6cac6537ede8c5dbdaac31ca5803480767a1d92563759

SHA512
e84e4707e85b6a620465ac2f9fd1fb4cb410b184244412ed6738f0df72e7b71a9809a4c1e6cc5b89203603dca0ea806d1a32d82482d6787087d476a36b930260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
a767be0a00e61f15b7bf2285a82cf4e7

SHA1
534c6b39389be7feda86c688761ad725170c4ad2

SHA256
60265f013340a341f446cd4798bd38a16fb778c6c13c72e101e75bc8b51ae805

SHA512
b36b5b396a500b81b1c697a2dc4d198c443a5ecc3333bad44cf01d0c3f8d9ccd19afb7da200d8d53b051047b38d63c64e9b6b60096bbbf86b6491956bfc9456a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
4e15c22b73929c6d99918a81cdfa14f0

SHA1
fd55b5ef8cbae387fad2d589ef7d2823f499616a

SHA256
5a8b2fed4767f36713cc0f6cc776ce72819ecda8292aab7239a3f47602287c8e

SHA512
a05777210613a64e65c18ffd0cd1d0b45efb8cf6643d5468990944dfc22c5cbb0d7fe046080f1d1cd9a7fa1695addde786b9fd71dba610143f0fdaa803a6ed57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
99724456ab36e6e72be72e87152e150b

SHA1
3bd366375b9d9f279096defc9556665e28253f1b

SHA256
10a792fbfd9ff5dfe6710fdfa0fc902eaba58bef4d48da2aacfa6d1f31ab9fe4

SHA512
a25067c2a305753f1d6a26e09da70f7e1d35a608077d76bd44f233d35c38160154ac0cd104c0caa013db6394edc5cf5e438135a654788ad026ca127515778f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c528eb15a39e2ad9be8f3b4f79ff04c1

SHA1
60b821c1224e2e86800fd7fa9ebf6156852e92e6

SHA256
dc73ae0c23d01d4dee12ce0927d7cfc5166cde3397b5931a40307878db4f55a0

SHA512
27159632c71701ac7d432909d45f5166c6908591256fbd0651c168c9f6941de443f0cf13a29395f3ba04850fc9c864b3c89f95bf1c57f2190ab788034ad2d998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
22e90c58555ebc9d2d4db67b25c18bdc

SHA1
f0d0736345953fc331ee04d3effaa38c083827f6

SHA256
78b9a99365563332c92277be9f57ba7008981a5ddcc177ce76ba4a2e32c79266

SHA512
ecc0158b7d53d4297cdd09fb5b674b6493815d6670a5a6857d21ebe98657a782c7426cdcd00352a8a24fe09e645616b0cc6469b9aedc9d6523b66c3f074e9e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6b9c7d15332a2f0c4348ed1926dafe56

SHA1
f878ee0d856d3b6847a5d92810ba2686b729cc20

SHA256
91f4a94904d6ac1786d16c3b52fd807fd855433476dd5bcc1ee3f121dfb2fe2c

SHA512
9787d33c0c74fb945788559df365a2a071f8f043c1d4f3f35a007d3973695d40f2e2f2bbf7a258f5af9b893e778c70880d1efd89850b65a65f3a73370c3decab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
fe876fd42f37f5043c17859e6dcb3093

SHA1
f609a139c72b88a98391df430365d7f239e16826

SHA256
6b86f06a80229844e2a45d791411a4653d71cd4503d4b8736a952e06a8536b9e

SHA512
66a3b65e95f921bfc0ae84f36ab9d7ef0357e0e7a5a0cd8ddbe0411e7bc9c8b448ccba90b76b7337b03c7f46f39ff7c9453ea700b6d40bec03fa60442d133a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
823be350281d3300c03560ba1e55ff1a

SHA1
4a470460825c50b30587e552bdfcf26243aa068a

SHA256
a995b3926e54c0b2f3ec0b3c0149e73f84f3abbafa78318ccd6205094460d788

SHA512
32007b7cf4daae77c5755f674155bc91665a00de5b18df7b3c0ef5ae11cf43e99aa1e4e6bef7b32581a2891ee53a3b725434e3efe9f2faba8452c737f69d9066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
ef68ac976196cfd9bc0a86637ccb903e

SHA1
2527c54bb954ed76888b527802c3a47ee6676d4f

SHA256
38e8df0b972ac7ec0a9e53ce2f336ab5fcc8d0a3b5e1a30ab566920188339045

SHA512
d6e9d138926b431696126c68bf5dc366c7a1b13247843054ab78d7461ee93bb741741efb1c90084e70a845d992584187dc7bc27b42021354753852b1d555debb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a9e06.TMP

Filesize
93KB

MD5
a440719ffb92bfd2dab8c44e51703775

SHA1
8f13b58c39d800b2f5e3efb773fe8d00886f63df

SHA256
92b6a9bcdd1ad6639c671f1b77c0ad6b05e49090285a873aa57961c056552beb

SHA512
ad22ff7e61e713bf71533686f2441352f162431cb97e0f1a810b85c2dd62079ffcba18bc7d94d9cfba4a0031872e36dd43010f6f98100d5ebd61cc6a83f8fcc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
16b7586b9eba5296ea04b791fc3d675e

SHA1
8890767dd7eb4d1beab829324ba8b9599051f0b0

SHA256
474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680

SHA512
58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\480JMPRZ\WindowsPlayer[1].json

Filesize
119B

MD5
cbc56e4a8fcd650f64413eff0c7b0e4a

SHA1
9dbfcb3527aa4726ca8eb1ae8c2930022c983039

SHA256
8cfc93f2c2f1bdcad9b46d7e99aeeba08d03c05d975e28e92b09abb02517486b

SHA512
62e266f8c5f2ad8b8edf18ecc503d957c4efe24a51e816981a17554a9844a230933762f2d2249d4ddb004322849d1ad95685fc0eec1c2622b9636f8af41d1673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O4HR65AL\BatchIncrement[3].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX013FC5A23D6A4FA9A261C1DCF5DC5A69

Filesize
91B

MD5
934a11b8eaef18e6790e660f167b251b

SHA1
1195e4573af3ac1c966de8210b162d76f57df7e4

SHA256
8a8ffcca05368fdf6f8941aa5ebf50c565c4946e660dac731827703d5d36665a

SHA512
7b9ec190b7cbdaa40921a775beb6cc245f9e92b12785d0c1a9fc6285a996a809a2c80546a099fbdf5e2628404e4cedc2ab652f3e02c27012fd2fb3ea6d1ddaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX2003ABCFE4554A72B614F0D05D9A22DC

Filesize
91B

MD5
9de52d85b06da1acd48afa0d6d1d19aa

SHA1
6683b9c8eabeb1f315873fa6bcdfaaafa9353ad6

SHA256
8b231ef4bd7d12979f583d8c1b89c66ae7e379d6557a1bb6bfeffcafc15f1a2b

SHA512
f3c1210177102ad92dc8661720f12f4c6aed3a86991b59c823471464feb2eed41cc1512acc864cdace009852380701c20a694fdc0311d5a023c2b9298979c8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXB185A8AEC14242509AD35413054FA42C

Filesize
91B

MD5
b04c0dc18c7d55cd67b193981117e8e5

SHA1
de1b8da5292626c82c5369243ab17e1fe87819e8

SHA256
0e9e0d48cb004bf17d389dc2d43451e7c45546210703bf2c36048568477f538a

SHA512
e6a2aea601a6cc021d9537fd56eaf034dbc5932f9dfeca57fa69921733af8d1c22fa4997a596f2895ca60a9a064ace6a135a8c5893381595521da9cdcfcfbef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c088afe71b41045f34518e7f189769a1

Filesize
4KB

MD5
033129fcc136b5ece256e6885e688563

SHA1
bc2babbfe9d6413e592d9103913a6ce331f2e108

SHA256
edb7e99a2443cfab471204cdda3c090ca49e0202fb3b0e5659258045cf5f6d50

SHA512
d501f21f5636667d1a73dd13f0caab58f00181f1d066c0378c0c841142926cd538d736842d072c351d4bc9df638b8b7dccd8b0664512768d11753117b9e095e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d0b607aa22e7814942621cfa4342ea08

Filesize
243KB

MD5
2d3e0d10b5c6310d845932df64c775df

SHA1
b149e170444ab9eb357bc63fdff4a9433f62a825

SHA256
9c49a4a99a9b462003df7af12218f7ca03c900d39f6e25459d4043a2c5a23140

SHA512
97e078e18504c68c8fdd1e497d11587f64bafb2ae02eba3bc5f34ecdc7a87d10a6719603402a278cd0997b2ff665b6a875c9f49d5e5bfbf8823b93d4de4a5d5a

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
c519783a8ff04c41f07f207c47fde116

SHA1
19d600c06cf47cb9450747a2a308058c35f4ede9

SHA256
431b40284e85c47fe1c4bdca9d447e0c8487b39e45fa2a14e110f1223f0454d2

SHA512
0129cba7fece385a8ce048c195dafd8e9a86af692c02625a5112112bfd0f38c24c577bc3d0da9cf161d57d1f5ffbc674a84e737675bd8b09e43cbb92c2fe7cbe

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
memory/4980-1891-0x0000000001360000-0x0000000006AE8000-memory.dmp

Filesize
87.5MB

Download
memory/4980-1890-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/4980-1889-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4980-1888-0x0000000001100000-0x0000000001101000-memory.dmp

Filesize
4KB

Download
memory/4980-1887-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/4980-1886-0x00000000010C0000-0x00000000010C1000-memory.dmp

Filesize
4KB

Download
memory/4980-1885-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download