efc8ed2815bb341e102d9160fe74c12e0fb1f59513b672e5ddf63911d300a014

Resubmissions

02/08/2024, 19:58

240802-ypzeqaxglp 6

02/08/2024, 19:46

02/08/2024, 19:45

02/08/2024, 19:45

02/08/2024, 19:44

02/08/2024, 19:43

02/08/2024, 19:39

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxStudioInstaller.exe
Size

4.4MB
MD5

96054bd5385aa4720717cd4085b91f25
SHA1

472470578ce8706b17b7ac6148461da9dd70eedd
SHA256

efc8ed2815bb341e102d9160fe74c12e0fb1f59513b672e5ddf63911d300a014
SHA512

8ffcba01e51782c4c946b73303d2cff4105c2f7e465100c9cfaa5ae96a7cb51a6c22020c43402e4779053e7e3e1f616b374c7e019e8b089349b46e75f0886615
SSDEEP

98304:4VvqeclcRUVPFZnGJTVgqekkbOcfyzmCQTqVLarbhh/C0S:iqeQVH8gakLpqlwK0S

Score

7^/10

discovery evasion trojan upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002d0d5-1006.dat	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioInstaller.exe

Downloads MZ/PE file

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\Ribbon\Dark\Medium\RibbonBack.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\Ribbon\Light\Medium\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\Qml\QtQuick\Controls.2\designer\CheckSection.qml	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\AvatarImporter\img_light_RthroNarrow.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\CompositorDebugger\clear.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\Controls\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\BuiltInPlugins\DepFiles\AudioDiscovery.d	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\VoiceChat\New\Connecting.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\configs\DataModelPatchConfig\DataModelPatchConfig.json	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\AlignOrientation.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\WidgetIcons\Dark\Large\Service.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\DialogChoice.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\GameSettings\refresh_light_theme.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\StudioToolbox\AssetPreview\play_button.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Lua\AnimationEditor\Dark\Standard\MoveToTheEnd.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Lua\StyleEditor\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\TaskScheduler.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\TerrainTools\icon_tick_grey.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\Navigation\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\Ribbon\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\Emotes\Large\SegmentedCircle.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\LayeredClothingEditor\Add Icon.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\particles\forcefield_glow_main.dds	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\R15Migrator\ic-blue-arrow.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\Qml\QtQuick\Controls\Private\EditMenu.qml	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Lua\ImportPreview\Light\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\Debugger\Breakpoints\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\DeveloperFramework\UIOn_light.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Lua\TerrainEditor\Dark\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\PublishService.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\Ribbon\Dark\Medium\RibbonLayered.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\Qml\QtQuick\Controls.2\BusyIndicator.qml	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\Input\TouchControlsSheetV2.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\Qml\QtQuick\Controls\Private\TextInputWithHandles.qml	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\StudioUIEditor\icon_resize3.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\Controls\command.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\Navigation\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\WidgetIcons\Dark\Large\Performance.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\StudioSharedUI\Help.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\BuiltInStandalonePlugins\Optimized_Embedded_Signature\TransformDragger.rbxm	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\Ribbon\Light\Medium\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\Utility\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\Controls\dpadRight.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\Controls\DesignSystem\ButtonStart.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ui\Input\DashedLine90.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\textures\ViewSelector\top_hover.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\models\Thumbnails\Mannequins\R6.rbxm	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\content\studio_svg_textures\Lua\Terrain\Light\Large\TerrainBrushTypeCylinder.png	RobloxStudioInstaller.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxStudioInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{77AD6D3B-09E0-4158-9C46-D6C7D516D60A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4616	RobloxStudioInstaller.exe
4616	RobloxStudioInstaller.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe
Token: SeShutdownPrivilege	4800	chrome.exe
Token: SeCreatePagefilePrivilege	4800	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 2232	4800	chrome.exe	85
PID 4800 wrote to memory of 2232	4800	chrome.exe	85
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 72	4800	chrome.exe	86
PID 4800 wrote to memory of 2376	4800	chrome.exe	87
PID 4800 wrote to memory of 2376	4800	chrome.exe	87
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88
PID 4800 wrote to memory of 3900	4800	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\RobloxStudioInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxStudioInstaller.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbebedcc40,0x7ffbebedcc4c,0x7ffbebedcc58
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1592 /prefetch:3
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4448,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4444 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4576,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3760,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4356,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3728 /prefetch:8
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3756,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3284,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5116,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3324,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4636,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4684,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4716,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3368,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5200,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5444,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5420,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5588,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5772,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6160,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6220,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6536,i,977887030063230413,11873128115431240747,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8335383e8b4c507023a556a3727d7fa0

SHA1
7bb639d4a5560d0a37687b3fe76eb99bedf362b3

SHA256
e928e43f502330eadb6e2c8b4024c2c97f63b2b549d9f259fa22eef46694424a

SHA512
10f426d185deb5ec87140528502f3271d03fd4942dc5cf7a731bed2e1e462584ed4af625c1e9dd609261d6a415ca88eda1a65f2cd64a00ae5e1ce3ae4437ff7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a002b220fa289e426e61fc076e6012f1

SHA1
857b998f2cac6e8e709058a59dc41fab544e5c0d

SHA256
42778c83f933eba26a2864e4b617816e123d794dd0541c02511deaa7a889cebd

SHA512
0a603a3991f9728c0bd28380799b5af2f42d8df269a4d5b843408fea32d7b095b89ecd2ec6828bf88a62c691bed8cf0fbb268b6f6c647fdc0b84c596cd5214ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d89524ebdc475c16f2e5b5de5840b3cf

SHA1
2c7bd4a0516f03dd60edf25d4fc0c75a0568c6ad

SHA256
e13a10a90267b89040bc1d5b965ce36137baa690b39a2c3b74ccb38bc0a680f8

SHA512
e5c6bac791b11d9e6678d7eb66a4f125e4fe03f0bc5fce264d9e330d2eb0b5b21507fc5f2a73821820ad4d77721f6b7ea907a56a4dd0d61e510eb1acd4e5a91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2df359938607990831d606401ff6735c

SHA1
914ee29522bb8ad5d71e8fbd8989c4fa2d22de5f

SHA256
ec714fe37a59de2d80aa105f4d7b5630a1a49f5106e9b870e47d2421ffd94083

SHA512
e4c014a45d36b18a0de410e1858a69ba6f6c71375d9d5d96a2f282cf3e566e414f38f44a2fc43cbb4d8f156fbf320ee27bc72e3ceb1befef2d278ff09f4da633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
35115627f9a3cc499e78d97a0fc836e8

SHA1
393488112e51e7b00fa3f7f8e68c65ca9c58e8af

SHA256
018149cb12560d1878538b5cb905aeef774cab50dc8e2a73bb2149306960b76c

SHA512
5ff53120da9a12aa86a8e90c9798bdf600f23de4443697a41f38f1a43bd5d8fc88db5c6632e28aed372eac46979299e9a3bc3346e23efc109ae63abdaf7b78eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0e857d843ab20728873c2551f050a079

SHA1
8934827d24a0507d3bd673b479843ad6bdb19e52

SHA256
2fff82d8b7ac7a4b2e94906dc0218138c380438df903ef9082f73ce75271a8ad

SHA512
54b7b5cfb3fa05d6f0807c86c396f9077600675ce614936c923d2bf3abba8222efac0e9a425b9203b092bb4bea980c244b317e4b82c71b892dadcf820a2c8906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5c073ad56d9d0c46a4923a3dce6d2c2f

SHA1
2a8375c11c3f6a7df4c8b81ee86bcbba2395eb12

SHA256
1321db826752eb396dea41a4e4169689c50f9d2f5fd6d85cac53d408fae5dd17

SHA512
f566f67752af1e72be19a3fd1d0246808a5a0fb1c389340c34cf5f4a6b7171e6892f2fcd16a1dd5d29ab1514684ff651b988d0cfae760ecba65df96deff21259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
68de659b3e27a98900e3a4f8088fc0b6

SHA1
aef3a05fe1161b1f885201d4af5a9d0b84850f74

SHA256
31f18661eff4ca22a76b25ce24e15278ca40769e33cf3836d52da116aac91e62

SHA512
5210c4082a7d25cdea2601225b8072f42c78efcfd808775fc8a40dd23b547140d7d7fb03e5662105c04c963a4650fea5b56d6815dc460a74eb26641cec736602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dbd61159d4dd6c36ca630d0bfd0db440

SHA1
558dc70a44d30e52cb160fc2996d90f89dc10427

SHA256
2cfb4d4d3441a56277305b7a2cb811046eb4442fb71c4e20ec5a5204706b2dd2

SHA512
bb3a7d47a89ed87ddf094b15e7817542fd9e7ca3d508a0c8639244f0106bba5457b0122baca03270ac1a8e783a4383c7a1008290cff6030f4ad9a40db5c8eebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
bbf77fa0f9d068cd9edee63a32ea658f

SHA1
abf5ad07d5aa389595e9ee7e1f18f81874ffb8ad

SHA256
d5d014a60f1bde03d59e900dbd06064786c8a0b12b25e978e9a8aec2f3cb8925

SHA512
20845ceae181575689d3969315028c143da45d0ba426ab23a395a4b6fe4bcec527fb6a178f1aa72af139eeff90abf7662998ba8a33ddcf64b7e5b16f7000eadd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
253eed5d2989813143e22deee31875fd

SHA1
d2fec4b0041a18a359e9be4b65f2ef79895cfb5a

SHA256
134e9cde54866e1192f9033cd87bbfd0395b4b1b1291d06ca176cdea381f0c82

SHA512
d5889f8870f61c5ac02c2448e0f2c55f0bc247e544ecbd1475b3220ee2d1cd4a526489b86392ba808f1b03f96899d739d3145edc3991068a95b5672dfa834415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa9e034ab8ca6e275ab2ca012945dbae

SHA1
863260cab271d5394e25e3c7a7d26f39a015f1a4

SHA256
a97f1a5f092944e858acffee2f5b56a312151c4252663fa95a25e114b6e3b7ca

SHA512
9d50ab5c94d1f5e1473f6612c5f6db64dfa66e3dd6a83a50913b690f57a1e159e6912eeb64bbb6fa6a45c2c2fd2e0a3c0d4c504832e825584787ff8d52b3f6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
212e67b6214f83984700deb8f88b5870

SHA1
45ca67c680b03a3d47d6fe01bf740e577cecb45c

SHA256
09d649d256943b2685ed408c0fcc8a2b167b23809a02917d006b9879148e737d

SHA512
66b60df20305f0c4638315faa383249eba66232d73f1913b3c2c7217b2a71f3a5e70d9c8d778da5d6e90c850f3f4d4c7878fe3c5977991631f4fe9fe925c5c7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2731c6259ff6c2c2c6127b3caf075fe2

SHA1
39786a519b26e2d59d9a88243e11edf6b6b81daf

SHA256
f310af5041fb60c0ccae38ef2ce7a149cb128de18d339cfb8e852b792d7e31f2

SHA512
82583ab176d53e90a2398cfa2cde224a043956ea244249f933ec56efb9a85f27a7a8394891405e1df37721e5f32879497805597e29d515a256e2c1cac4254949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
45aeaa9260d198e6e1370f4dd5c60cf6

SHA1
42d3379f744aaf66bc0d4563eeb8dcaf4ff3d2ec

SHA256
a3dcc3f91ea47831dde096619fcd4f97ab324f3f32178a00b900c3a947b73f82

SHA512
53700a3c146e019ec057eef15a79cf49663937b41b9e5b5918425a9f9f154c0ccd45462c740158b830c31047dd98a9d85f220f0f19d8f5584b2f2c48e103bd78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2ee2af602ef6737a32f75a96c04d0cc

SHA1
2d6c7b2a9209135ca62b970314fb3e3b0280d58f

SHA256
3e1e7fdaa3912e852db3736c8ec543607edd8e136dab003146cb0e5720c5f0a9

SHA512
bd7620b961ce0d597f04d636f6d9c6711149dbaf5e344ccc71659be4158d5f3d9dc58cd69190902437b7a4395d9aea772ae0d5cd7723a7000b0449201cd1cb40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
753160d163ed25da49fda8c14cd74ddc

SHA1
5a76776a9185763babeb090d55c53ef2c546489b

SHA256
b8157b669a5a0614faa1437e1337a70be8c47a52924796239df30c041c89d48d

SHA512
c85bfa4e77bbd82470f7f39ce952d8b28c791ce28a782c9f47c49ab8802309454ee58fa209261ac4c58f222f4a94debde3272428304da0c5a9100f5127c4895a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c9e72978e2f8be59e4f810d7c69c926a

SHA1
16c903628dd83f9d7c73e3abfa23ba0a18e2dda5

SHA256
c79f44590b7cf7bb73f158d05bfcc089c35ac921f6089055f7c6c41fd0c63d57

SHA512
3863a7cd26923791403eae8bd3f168c1eabd0ddff130026cad490459866d48885f11950f6a403136ca237f30c2296b7d68533446865830ffaed9e671bfb24445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
753e0f2cd01453a9defd3fb678440476

SHA1
dc794d8519da6cb93fa0d7781992ea44de4e05ee

SHA256
4ca4ddd58af10636f7a69fd2fef5a4055212c2ef9176f06141415bd92c63d9a3

SHA512
6387a66153ff1717a4a110fc0cf8b7cb26d9febb8292f7ba74e1606f03684fc0d0c57af07d4f68e56fdbd98f0992698b168a6fdb0a1c3a9707d2b8caec892446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
4a529f13884b5b52fd73bb8b15c2b9f9

SHA1
f8498cdae9f4a7ca03f9f24b246b10f13e04ecfb

SHA256
a5e2b0647bc87aaaeb888690da3441e6422e68ae3e095dcce61619afb898213c

SHA512
fa2db815a39a5a060739321ca1526bb891ed3485726f4d6b6b2c378b2ad9d7981522a751c8542c83161ab27df49e06e34438d445dd53ce9783b1eb707c24d949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
ccf4c8171959a6612af6b282cc365bcb

SHA1
43cd27421b174b6595db14bdb42be74530f7c543

SHA256
9b3c4849a9ee67563ef26a51606f89a6d0687f77fd7a68bb6dc45383160c8d63

SHA512
797e6848afe0a6e4d4493ff128ddc8cea6aaa5544c942e7f0f88ec971f9ec8c886310677eef5fee5b7badecf1adc0ca60929b021f1d109752257b562fcd3e111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
b1767bced6af72f88f0681c553dc2d6b

SHA1
351570455c4aac958f9e9d63700525cdaea86e72

SHA256
ab30116648b2f1c408ca4c2284c5745f8fa0674e0f2beb85f602a9057188679f

SHA512
6aa15a430867ad6d00eb32f683e3d3e01443122c4e281fe09dcc1d42ad23131aafefbd4adae5c5522662f6ee9c2d7eb596efcf6e50e2cc668ff191dedf5c9557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
c2d1864c984183c3181745b4771d8cb9

SHA1
88682d52b8c749c780efb282ee683f64b1cc0339

SHA256
53a1bfe4383f5427ecebb0ea6313f6db0692a1be199c564c51183de5a79b1e06

SHA512
b28df6a3020c0b47138b1263e97adbfe841e64e73ec8db0fbc8b1339cc40b973f456375599f4fad86f250986d1ac634dfcd31ca6223293fcab36b31cac180667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
afe5022e4eb691fa64aa989da5bfb1b2

SHA1
0cf5ca4221c71be5b894f196f96e45ee031e4cb8

SHA256
66675eda8a79f4a32431a941c4b826439676e4c15229b6e5d3d6edbe8436b31d

SHA512
c79d7aa89f4c555a1ac2b8170686553ce8a9d7f5eb1044837dbda2271204ad6c0d8022addf116f82e8f24f41e3edcaf2064b9ff7f8649951501da7561b1d1bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
1a80e645d132cd98ca70f312cde2ba82

SHA1
95bab8a4460e10e27452a08409da9626bd048b13

SHA256
a66c17bbe27af6242f806e8a0805c47ed03438d361950c5f4320dd54fa4a4c3a

SHA512
37a5e5bb9ba4e8bf65821fa8ea61330a45ea8e0d53f62374b05d0fb1b0eeb21190fc2e40c3575d40ff39af7c10d4cee1c996e041578a2db7713020e720ac2ff7

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-studio\24591f85e9569269a3b822d0da2e0626

Filesize
5.5MB

MD5
24591f85e9569269a3b822d0da2e0626

SHA1
62641ade4943b93983b4e59ffd6ee4dcbd77c17e

SHA256
d29bcf294dd77568fd173adac8c705d991482d645127baccb7efca20f560a5a2

SHA512
d0bfe43ece2c598a12fe7d3f2cd12e0685b639aec0fc7a1bbdf0829b886c22208e4236500d8e6540d7faef1514769b87bbdc666602c5548649e50aa61f2077de

Download Submit
C:\Users\Admin\AppData\Local\Roblox\logs\cacert.pem

Filesize
219KB

MD5
1a4af016c683d93ebfa916f641da64ac

SHA1
c89c32b9620917d1cdbf34fb5b03f1a595e48e3a

SHA256
9483f4bcc05eea3c5929627130b8e574fdc850b4fac319d7e98c4f68c59a3a0f

SHA512
3b2ca0d5d0bdee0d060d50c71c88c9c7d35c9d0f0956b135ca6ddfa2618feba5774fbff2ce866f18ae20b90139e0c1eb8bf4087ac9337498b733d0da434d3eec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 485733.crdownload

Filesize
3.2MB

MD5
6fb368aaec9ae1d6e13ddb03f9533b19

SHA1
9074b36062e19b7bf0befde5fc43a7f5a18a2888

SHA256
0585526566a6f12fd193213eff6861f76762ca5427493b381de4a846b8ddecf9

SHA512
84752c6c7c5c64a9f32be94a239d135ab2c068c82c92f1ac28ae734fd2d92bf36a5102ce114f3dbf7a014c38808664e3ef5f00339bc3434b5a0cae7e038965e7

Download Submit