e64b51a62957dccdaeb1a02dd812aaa56162d2c1d17eebc21cfcf5f35160757a

Analysis

max time kernel
423s
max time network
424s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/08/2024, 00:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MocuMocuDance.exe
Size

2.3MB
MD5

0fad7952642018f21310fb68a11bbcf7
SHA1

0d963e6636f48e600be986f0007ccc91fbbc03e5
SHA256

e64b51a62957dccdaeb1a02dd812aaa56162d2c1d17eebc21cfcf5f35160757a
SHA512

df86d7dcbdaeb54b36fd0398bdda2e76bda9292b9805ef5d579255596f3e3f0e639ed4b0929c5930a1ad3a967606f708dd3487f059e189c263cfd2263a3fc62c
SSDEEP

49152:JOgAYoZiRUwWF5PcGuqsLrTrhKc8jy/j:HjoZiUwqPcGu7h

Score

8^/10

defense_evasion discovery evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3872	RobloxPlayerInstaller.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Menu\hoverPopupMid.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\SingleButtonDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Chat\VRChatBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\Tutorials\Tick.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperStorybook\Collapse.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetConfig\selected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\PurchasePrompt\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\Radial\Leave.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-online-10x10.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperFramework\checkbox_indeterminate_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\ButtonRS.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\models\MaterialManager\sphere_model.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\noise.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\MicDark\Connecting.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\graphic\player-tile-background-dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\gr-numbers.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Chat\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AnimationEditor\FaceCaptureUI\button_control_record.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\LegacyRbxGui\Asphalt.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\Help\XboxController.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\Discord_large.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AnimationEditor\TangentHandle_Automatic_9x9.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\LayeredClothingEditor\Icon_Preview_Clothing.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_1x_3.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\MenuBarAssets\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\Players\BlockIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AvatarEditorImages\Stretch\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\SelfView\SelfView_icon_mic_enabled.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\DesignSystem\Thumbstick2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\avatar\meshes\rightleg.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetPreview\vote_down.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\RoactStudioWidgets\slider_caret.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\LeaveGame\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_5.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\GameSettings\Gradient-Border.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ViewSelector\back_hover_zh_cn.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\Controls\DesignSystem\ButtonL1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AvatarEditorImages\LightPixel.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TagEditor\rightarrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\MenuBar\icon_minimize.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\Debugger\Breakpoints\filter.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\LayeredClothingEditor\Add Icon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\graphic\ph-avatar-portrait.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick1Horizontal.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\Help\AButtonDark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ManageCollaborators\FriendIcon_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VR\buttonActive.png	RobloxPlayerInstaller.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MocuMocuDance.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680684118792300"	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{C0818532-8290-4E75-BA62-ECBD20D0ABCE}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-ea4f8221cbd94062"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3828	chrome.exe
3828	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3872	RobloxPlayerInstaller.exe
3872	RobloxPlayerInstaller.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 1148	3828	chrome.exe	98
PID 3828 wrote to memory of 1148	3828	chrome.exe	98
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 2120	3828	chrome.exe	99
PID 3828 wrote to memory of 4076	3828	chrome.exe	100
PID 3828 wrote to memory of 4076	3828	chrome.exe	100
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101
PID 3828 wrote to memory of 224	3828	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\MocuMocuDance.exe
"C:\Users\Admin\AppData\Local\Temp\MocuMocuDance.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3284

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4100

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa0a5cc40,0x7ffaa0a5cc4c,0x7ffaa0a5cc58
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3536,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3812,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4748,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3468,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5284,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5528,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3444,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4992,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5676,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5692,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5836,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,10853682260808472846,7080559874822935418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4812

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.5MB

MD5
9f1edaf7fec140c4fbf752bceb8faee9

SHA1
446e908ae656e01c864606d2cef06ed8abd96fb3

SHA256
810a386924e8aeb9ad6a432067a96b9af05b2070b4a034b28c6d715d99740666

SHA512
2a97bdf30878cabc8460b26baa810fce2f06e649a98937c4112e674ddec24a3cab259b820fd6a382a11cb7d8167b33ebe28ae7e10338a283b299b9c5a4951f0e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9ee005b188d28f742df8e8644f89f886

SHA1
b48250302939304428ced5d2dd3a79c9ab523c03

SHA256
7eaba318c26a1e5d0f4d803c3a949fe73d05203b7b01fc1ca3f585e3d394d090

SHA512
ba28283e0581bd0336d5172025deb8871aa8e940ce5ba88654dfe92903c77d9671186e1a04fbde3c7b05f7595b68e3850f9090aac58566fd659d082d2b5bde6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
100KB

MD5
fdf09c3c067041ffdefcc9e1bdea9718

SHA1
e31cf28187466b23af697eedc92c542589b6c148

SHA256
144754d90b3eaad27d8a11c86faadb24da4ddc251bead8e43b9ed515fafb84da

SHA512
9e32b294cfc17fd52fbdd62732571f4ee57dc0308d62af476331887d0e2446b483ceac06ba4617cfbb1c347d771c0f7ea12108bc384e93f69b180c7ca1a92268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
352c42f0f97a384852f9868df967f37d

SHA1
ffd264a71c01e044735a3e17e1eb69a3ee16693a

SHA256
6b81df069381ffbcfb239992925eca22fe72aa8d9c3143fa3dd67e77aadc77a9

SHA512
55f493593e400192a92cedbc2bb0d3ade94f55786b393942887484e7daebf99162ca4606a09c377df22da1b9ee17e2caca61e2f95a2cf45d83b49399e27090f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
023a556e4826298cafea06a120b6e3e3

SHA1
60051167c9a5ebe5e84cd97c64f5d030c7a8a60d

SHA256
7e5be630d51bbdc7950573ab0da9b1e3b7980b77baa632bc864835199d9a2936

SHA512
1c0209d5c062b93245ee6a50b7448d960d2ad15c4c23ee3e83eb0ff340f5c2535677852e1c32d48cd6d70501021877e6d187bb79e292dba917d68da3df48deea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
94af0356b197e80896b6034967f1511f

SHA1
c63ca2e0b9299ac55435642e655d41ec1ba1d49b

SHA256
152bf96d44c7ffe8d2626424036050b4c2d9aa3f0d8d46d81e7d2a9354812689

SHA512
c778b655e1e9fd9326830bab0e2b26345bf24de05a482a63f1eab45d4292cd100acbe0761a37bd63ac3b145f9152827cd253ac036a5a9b92451dcb600b47f1ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5175eef85209161b81393a149b74239e

SHA1
7b914255a4cf7cdd78d2163a0d65de5b3bb960b2

SHA256
8171dab13ac992ee97bd7b28d58c2caf5ee0661492db0a2352bd5c6822bcf37b

SHA512
a5dd17685b460869affaf8b8b75275bacd699bd93c4b36cb6a71ac9caf899789853a8e438a8e913d312ca923ed65cc864a6baeff03e1d1224beb2f8482ac0f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
0d43f17e18a712eeb12f1357aeb503ca

SHA1
fcda653c3f27c13f27ae747fd31d2598103c9096

SHA256
11f5704e590957034d88825a71ea82227e46f11577ad82ed94c564ca60dcf369

SHA512
2cf0cf4b06a00e5629ffc99236b196705d36ef16599534bd0c2d0e21441e7e3f9babdd9ee26e3e2cb1a63535bc459cf83e22572f3dc45d885a2610fae11a66d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5b4cd4.TMP

Filesize
510B

MD5
a8c3a991c9868c725160a4a50fd62268

SHA1
44267db1a9037c36a11273780f5d71fcc71291d3

SHA256
c49c9e56e60c52ed0debd8aefd1d604312d9fd8bdb47d594e55d4f1c6275267c

SHA512
420300750975b1488ab94dfecd9592579322f0a535e7b1e9e321a98389e75659929333d5fbc85e9abfaa2eaab74c2aae0497e5e01667f3df172c153df1358f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3581a164fd9320f3b983a0222c6c7549

SHA1
5666d37fb576758b2a97da532565c7d3aaf83852

SHA256
c1041bda0a2e7abeb39846af962612c8d0b4bbc9f572f549989004373f41f271

SHA512
b0ea528214b051f7fda839a0c99671d5ce4f1c2a415c6c2703f0096aee83259c02dcdb6b96dd93cfd9d7e60dc4c81001ba61debc350648b530e2c23cbff9ef10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e24a4c01b9f4c56e863c12a5b85c4c1a

SHA1
08bf46ef3d0d8033332162f7276dd7fe02c70447

SHA256
f5855cd7cde81a7e5188cee4ff4da5c4db113853fd6e56e5833c32bddf857e44

SHA512
1e129f71b583f9745abb92f4700fc1d6d3fcf02108268fb936ba8bc34cbbcb1992f5d7f3fef043da40aa5e154ec26141edec1bdda52fe266bc0d5233915d8dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
eebc46ca4bc21ffc3b62e32bf1bfe320

SHA1
2ab61de6eecaf31ec2550c2e1d1dc1a18a46ee99

SHA256
49f9d263e5bc711d332c488f289cfb23cb5c467e1dac95e54a6432c4aba2f60b

SHA512
51d0bb70befbbd64b4173c4798115076d740ccfb1d9ed22ddcb2b33897de7fd7a813991c154ef13604894eb4ec123591d1ffca14ec6aa9edf9685f083d88fc08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
345a8f664d50a76318d4d44102fe45d3

SHA1
5fc378a08c9eaa30ac0def63629e1b9455427196

SHA256
beedcf2b47cdf78c2e537cbd57c157d565763b170cc8de38917f54809ed29c34

SHA512
693687435650654bd2bbbf9e21fd153a05dcc28191ade667ee6b315f5675bec58d05fe1da8c2660237eb51891ec250f89410a3852a87f7d83f6b619f9cf34bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f38a6ce6f3818e18dd876654c9545ccd

SHA1
73889f248b52850b2eacff2f190e3f919a6bcf09

SHA256
8b694c1b6781b7ddaab2461ca77c4c944e5d642daece52aaf33c3287a4526908

SHA512
976ec8ffe6dc347c917cbcab48598655d83748f111b63955f8e69ec48b984c1b6b1cf202cb57396f4cf2dec45a6fcb8a0f8d3b1b2eb82a24ff3020c9e9da471c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
622143e72eff2d54eaa735e649b2b114

SHA1
2893eac5524cd0b6782b10e5e917c1d41f040069

SHA256
b58d847c2cbf247f08e8988b9bdda58e7cf307838c16dfab81952f90437f3fbf

SHA512
3286f5b35fb9e7986a1b80e40267e4a88ebd2247ae8c10e91305303099fd83b9fe357cceb180f8ae3adb8f4880f05363a48c58aa332babc37aedcb56871435af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
10e90eaaefb5855dc34ea28b14379675

SHA1
b37a86ad4631a2b9d5eaa016cd212e6983c366cf

SHA256
e09d2052f709c943dd80470939f8545d54946b6f196f1ab5c241a7e20797cb00

SHA512
d3904b810bc6390e582f78e0384a5e658a46f3a41aafd5b18548f75156d207a64e79dbefe0cf9df490499006ff6018ee4785bcab73584ddad20becbf4264017c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0b740ed3c33c3409eda09eb4c9292f7f

SHA1
120eda7ef3fd746b12ade46f350e023251ed7740

SHA256
002af23f7f18831cd5ca0f1492cfa0642d17f0500f3c3a455a3ae6ce8f513756

SHA512
495238e2bac2dd0c70f9a53c268c8f4fd46a4f0e754178e248ea501640b9fe64c37e70a6a8be62f315f33862f617c43d1f7d2a8f4224a04ee5532a3ca88c264f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
86623cfa35674acd24cff539978c611d

SHA1
b4d30d52a76651ad0233d8a1bd9c92df433d1f5c

SHA256
958a254596855a3b1a3eee9baf83c091e023b45f549b02930efdf97df7567365

SHA512
1160f89de52219e2d667dcd353b6a2e3583420233239cff4b43f08a22e3201f1e9e8fc78ab4a34a0932a4cae91e8c9d9d546f0248d49415dc484a9dfebdeeb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5f785c5f3a093176be6138b4e253aa37

SHA1
b6e367d7ed35ad93839f039ca65cee80808126db

SHA256
1df1458f2c9c3960d92ff1bd7abdb0fc13600fea9691ce6a1b8c7fda938901ab

SHA512
21608763d4140a7d24a2b6309fa4b552f9931c3c3c4f79422edda8792ccae00883a3e3075c6e673c1bf94b4eaa47aa98dd0308cab03cb179b85c2840a9b0a206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
07134c3e27b02384c5a66d729f9e35c3

SHA1
7970e759be6395e8600a3d0a19dcf438fbdb81af

SHA256
722673a489a8c70379e065b87a0685a9935480c78fbc884ee622c3eeaf472600

SHA512
08c8ce46bb132adef18d67ac047b4ee73ca33e5e8bcc95bbca68d9bc8dca2ce6c6892eba7c19437e649f424ab8fef6bf3ae3836c24ecfc31c49403b5cddda3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cadb9236cdddefba1e67e7dd90a97360

SHA1
1df8c908306ff9ab772c5c30e82fa3ed04c2db4d

SHA256
c9cc786039977b959196b7f65c63948b62cc528727af4db22a07f434df98d081

SHA512
8533524e8b8b66c625c9d25d7580b1e1b352672be9a497bdc9000ce3720e3aa897faf5e225e18f74d7c1497607f102bb62fef3d0c30a87cfe8b8dbf9fa85179b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0209a57d7f1c05a85b95184b109145ee

SHA1
139bfc9f18d3972534266da12dafdc7422131019

SHA256
cceaf5f9cd2141e00f6ee6f2e6278a7c738ef84cedce30ca147e21ad8786fcae

SHA512
a427121dc691bf80b71dd416fdcffa03d2774343a8f7bab0708f8cb4fba799394ac0207cf8dba5779849655cd91f9fdba3b03e153608259ec3de8e08f746b5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2433a8ffe175e0b5e3307e3509c6960d

SHA1
f75a3c59fa102f7e291ad81a795ed37a96e04fd5

SHA256
8c8b3a2f6942802dea5fb92c83e79192e54f333908c4c3debe31270617b63d98

SHA512
d423ff2b182994fb3471116b82f89851da9465b27583734d52d0bdb5d51c1a73ec9b76ef0da49f53fbdd71a6fa635c6f90edf58ae7910ba83009672ef29de802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
745ac7361ed8799cc4716c3866cce52a

SHA1
2aca70c853aa67a9d83a28017de2fa725d1e6fae

SHA256
e1dc7a8bb0bc26efdbce85e217c9810f2f23b0979e2d68f74ebdbaea3353322d

SHA512
7197c88f49b42db9d14694ecdf82cb54ed387ef26836706c143acdf53d0e5fa6631864108c6ce89afd2d6f301c09cab34fa6a644a7de6835eebcf9c2d9152fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e2a6d273653689f49bf4db21b3629b37

SHA1
278bba64113d44f32b0cff8538eac22cb47ee8d3

SHA256
4dc8c6b5ab12e95844ca028f1365286c56d6dd58b784abf065c55830a5e34f7b

SHA512
51f80814553d08dd273fdd1dc1d26159151c15c43cebbd910575a5f308dc047ee5ffe9fc0185226691d4f5d575d9ade14591f8079426484ec13995455145f95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
79a7ad2ecd9769dd5c280838ec34fa79

SHA1
372569b4132ea4c9d52fed22b4faa589a90744b4

SHA256
e489cd651b386ab65f74a694c98c2dd8cb6ef9125953fbc8c312a26967e9ec7e

SHA512
8de7338f4aca28708e3493934d99e3bafab28cf0c2f952c40fb3a2e8912d645e6cd853d8a980556851b009437cee4e3593e26b1538f63929953174e2aa738df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5cd84884f99a3dc7cc2dad488c65da8

SHA1
4896b47340d37f5762da1f99d8a5701d05def652

SHA256
23e11058798e9368331c694dec3dfc8bad97c59af452d1232c7cac5878c1505c

SHA512
0c5453769802a62ea40c01253242830e527cbc8e73bd72ecab3a6be07e9a03e26ad5938ae04976b46090416a20a012d13bdc1217d3c59567bd6b44f2f9570a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0d3bc0c6c8a37a42d7d52bc73c9aede5

SHA1
e56e719a9b838b55145ee62771e79c6a94ac4127

SHA256
f4fb98adbe8d95af5cf6ed1928fb56d232c17a61755c4cdcee25450e40152ee3

SHA512
9f228fd7a57f07038a69a27a36d2c2db65db689e1abf1886209a75d946d8ce68c75774cc60a9d9baaaaed63338d27dab31dd19d6ffd2d59b19975b9114c77507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
05818fdf4b0c6f092e8f3dc9c40acfa2

SHA1
4550f7bf685769ebf5132a73f0025743a94b8237

SHA256
274a148fea72e1b0c911a93f02f1a0d89da22c62c96174144ba4d25bc8811ae5

SHA512
c6c32c835a38ecf912c952ff1fc46ccabda4fe57a17d63e6b17a18551fce46c23318d78e059c4381fdb8f9b28f6b7bbe813ecf64421992f3821d4139aaf34618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1995ec843e69bcc39366b84ac3245076

SHA1
4d5b0b7133b8b149cd980d309f611c9dfbbe348a

SHA256
5ce0bf49dee1c00f12560cd5e0766d6f52df2d701a3552f03850e65237e239b3

SHA512
5745be79a5b62fee40ed9dcb6d8662385a69167cf301c845c687a6d68381002ee3ec518eb1b1b1217e06f37af44eb7188883801811b20561eaa3f98cdaf93ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e7b80c98c3d01df52ffd3db4f983a061

SHA1
457a6f0375e697e6a554fc20bb44f8dafeda33a1

SHA256
a28dbbbb59f60a545e06620a2f7db7d67450bf9bba00d87611a03171e3be99d9

SHA512
1f9442174783517e3cb896d0f5bebdf02028f0f27cc73399188fafff09423c1dcc9c5ce1db65d268e0a4122b43c89869e3a3963b43555560b38d7185dddd3001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5fc65eb95c29def7de1bd193bcda9f6d

SHA1
d7edec6da85bb79d162ff16843cb1321cc08eec6

SHA256
2cecf0d9709ae7484e04970a8ec943cf4757f0f00890b690be135bc731a92e21

SHA512
1e18bdccf1fdc34b8fa53332c0ece2ee045487cf0d87cb25c87f9c1b94c492cc6e629ead56712304f7bed52af46acbdb488d2295e4dee07cc51171a096e12d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4310ff357f2ccb7a261301111f391140

SHA1
d5e5f9e6a592b5028261df5dcb084cc98deb7fda

SHA256
03beeba4ace4bc813e086ac3a4d2aa550a7f84601b75af6dc02fbaa0116bda7d

SHA512
d9f6b6838179446da31d321da6b6c2b2cb95fd613cd7dc13206252cd42c09db8ad8d0141d8005fc9924229e997a0ed23ef62e1d4414b8f00d28d111a336d5640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0b5928cdeb187b0584ddbd6d957cf7ea

SHA1
8e87a2babe3892de76db9c5524ad6544d4431d87

SHA256
8665478e9a64e90f20a80d4b8c00458f2d46a81ad867ef575c0b971bd8c2f0e8

SHA512
473f1a467da9fcaaa4ff58975bd95ec75df46a445b721d8ca5cbe0241987d0193c6c0d7028a2fcf0ff24832f4dbff43e2d377d0ae513f9bf14bc2b64c5a7f4fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b7f74e7e257db1216cf7e858e5fd0963

SHA1
8134b630c33345d0475481eb56f5cfe91185da52

SHA256
34a0fb8e1711829910b902e48ffc0ad5d0104ede2c52f2df17fdc9412d71cea2

SHA512
c33bffb11e54070781805f2dd6e104d3dc059d908ab6703f0d1e1e315ec9aa76b8304ec4106750e71ec2677e742cf0c9ce147ab77c43b337c83b60a64ef697aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5ce33cc5f5fcf350393e76cf8b5fa3f1

SHA1
818a69272b291bdd91683fb09aca62590045a59e

SHA256
5538c9faf2e0eb0b054fb8af850430f66747c5ae5ded221313bc2834912ede2c

SHA512
6945526c73a2dda4bd5798273c2d9bc9d524f70db471868fe0104894c90d36243fb9153e8af8220f9d39f6c5479f1f9aadadbe13a977bbfe890f7cfa9330fc9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
db34267c35f0aec6ec933a9981bc2656

SHA1
f2c39307bd1878fa444c4c4c743ee9bf76f06100

SHA256
9b792bba24a920af52286a6dd981d25bae95eada7c975a297193ed1bf178df23

SHA512
d6a4a49e0bb9890e3fa03f89087ebbf09b982efc0d8edd1d414d8b154d0553660d6e5d5da89ec75026677afae9601d0d8a22fd4e402823617ded8136881982c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f4f4d81dc8d4f5f946eb6ae17988504

SHA1
a933dd7d5c0299e75503b6af2bfc0af6dbc78d28

SHA256
be85fa6ee61ecea043ca7d3c4b4b8338b49115a35d9d86a5e84dbdd197784cbc

SHA512
95f6d9c6dd53e5235572075f8d61a0341e96ae8bbd8eb3db1976fa168391162cfdd1b54dc2718324e8d52bb05984094ab322aa34130ca8b5f345522ab5f289a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bac65018031702eb6b85436075d1d7e

SHA1
6aba1d8cf1a8166145e4999aa485a67a1e7fadf4

SHA256
c5d01133c1efbde798d12e01d659f449a4d115e2ac6212fe24abc98c4183f554

SHA512
65875e53158197b153a28bcadd52be87fbf8ac313e01c37a04741e39bdbbb532acf2c80d95f1471042510f17ec23d8d3275cedaadd322eed0be27880a15919b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fedfe234ab1ad6b2ca29a2bb066afcb3

SHA1
bc16c4626312b904ca0f108a456084f00c81d272

SHA256
e3f72c942cab9adb9085d75e8ea96330b29680bd7fa0916549b7f55444368fd5

SHA512
8860dec4a7dc83c80867aeace6c8e5d946919a4ed7748718894723b5960fe75f66f8b9ed6ea50827679def4d0938e946bc0f45110eb7d3ee842810e4c38edad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40804608cef0ab1af889e12b7f8d0a9c

SHA1
d85460ad3801bbc156e49f8792d0da2024963461

SHA256
d1bcb37de9d2890d71ff0ea54bfa80c1297999283a780d09d7b0f961e370315b

SHA512
643c3a5be1cb3ee8f5554b14d9151f25e7e83f2de340969a8f5ae36689b2edae213a5cf66b3f3948db5520be5ce3dd6bab500c2dc96d77ad0afca9018ff28200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1127a19616db318ce150678454687576

SHA1
f031198bf2acf0320705ebf5bdc127f46252bd66

SHA256
c8453c848d8b95b10fbb2eb0c2f1187d32633531d09f648f8db1e78c60dc74ac

SHA512
ab55e1dfdf14b64dd94a2239cc77034fee8d8918aae8ab7404d435382be6f4d83f7c9dba8d8445ebeab18bdd8f913685aa4189145020037059e15067989a3878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b10d019da25b3c6f08f92c120c742d17

SHA1
1c7e9a5ed9dd7dae481cd0ce0d517434e91ae55a

SHA256
692857ef441e079da030fe2e9455c8a97239169f47e15d4c8c1bc78476f104b5

SHA512
2593f46022eb63b7bb66df05299408636ff92933cc71a4737c18d834dc5fbe48ec44dde7316da2e80a4a3a1705576824d9abed97063b26713fbaa0d5cdc44b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4abbf36b6035545793757348c339373

SHA1
a44b5f8bdb48c12ffaf10145c1ae77c9c02dcf75

SHA256
dbeb12a4312509611fe2e456c295d08aedad19a6a6dab7b124e107dcf6a2b29c

SHA512
c0f66a717a658aa243ab5bf22d953a8c614d35254896b7c3f24b6124586a9377c39e4f5b5160a10d6619f1dae65bf6408d9d28e65ade5c021837761e147b3437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6bf4a7c57fcdf173569b9de750b38a95

SHA1
9d31615a4a66492e8273e7f5d46138c6c713e480

SHA256
c328467e12c6c53254ab361c479c272132f889b17422cb029589dff0c01443d0

SHA512
ca99de8d2831f13f3d35b5c55cef97ed6f0316ec0dd80f1a02d1ecf076c832d591fbc4ed4137fd038b8cae83970f4117dc962bdb9657848ca5d636a4e6c2f2eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e52bf97ac446e16bfdfbdf2e290954a0

SHA1
a18806aa661e685a8f37a77e0eaea29e6c4befcf

SHA256
8e5fcaa940fd3d4363824554d6baaea7556c45b8b1dc2fbf4b1a0965f20b5e91

SHA512
03bfd8c180ab3d14feba8d04bc2013a95f9032075e89bf50fe51ba797c834c3869e986e0a5ad97db0cff05913db81db67a3aa34a3adcc8339527df1d364045e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b17a5e53678f8c4d4fd340bb1333291d

SHA1
a54b1a24b23356986e2957607d0fd45faa6ce192

SHA256
79f9bdbe46fccb1f2eaefaf88fed5e8f8d37199cfea27934fe0daf347930739e

SHA512
d0e5395ad5688c77d002fa0d04ae0ed2608152d79a5454d21809d341e4d45cf5839a72cc92bd12283ab9b86be8afd003391b0bd0d331dbad2290c4549fe73390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
12e1b199d975f8726527aacfb167a2c7

SHA1
3fa28140fc5d1f0b03fc1a7a0cefcf25e9da1b54

SHA256
c1439287372fc630a0bc4946dd0a6ef4f209e98dc7401c70a594646087d43b93

SHA512
2f14757059b38f7c44c9f35f71463308d27987229280f320824676053dec677497b6cf303b5997db72186fcf7f1f1b343f157b792f30a6f6c7ddbfee451459d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c719c1cf9a1e0334fe863dbce387f82

SHA1
facce46d3f7e575ed4a75cc7108e6544380fa82a

SHA256
259606c83679ae86273bb3f1317a8ca2830bf037d038ca1ea2e402bf5575ecb2

SHA512
5f332e1a41bf432bbd8d327d872ea0400e59296ce7810041bc68bb0933eee325257fd877d04e226a2a204e1a7c0b0236b5234d0ac48992c165971ca403d0a509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be189f07a9cded410ea07d4eed77d279

SHA1
213054d230d07fee2bed89e08a2cbde42d834004

SHA256
b8688c64f2486d02b1ae897d5c1f9ee187dff34df85a322b3fccda26bc058d25

SHA512
2f44dfb05f8680a9f2a5f885901a966818ceba9805278d4861d074ba8e2728464573a08ff587c9feff7d9ec73dd95f14f186f7b50e18dbb2021744ce9cefcad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15aa3906e2fb52a670e758c709c63a60

SHA1
580ddf9ba0992f9f68b6a4765996f1cedc67fbaf

SHA256
4b8b54b54df9782cb1ed2fc7d98886cada410dcace459e2e1ec4ba0553986339

SHA512
b4c46a00bd2bdbcde16ba572ecf35d99a8b5f602803f1b90ee78bbaceaed47edcc65471425848440f5148412d55a6217956081caa7049d49ece6dcc0df58c6a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c79f6accfb3ffd9e7834b7cac7edcc05

SHA1
81476c0b8d7aecaa6b4176a9017e515784761f8a

SHA256
ab64500fb6e6d42655c2de050eca048724a50e0be53ca649ea4e1a135c8d39d8

SHA512
1b51d116bb1fee5967c57c34caaf0c98481af7ffc3fbd0fcd9d934bcea56eb4bbb06e89a18b6317f404986d2d70112ee232fefb17b2dbcb6da4c20539a1120a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ddf7da27ac9b66efd0a5c2c6c4a8fab3

SHA1
ccf5afc2de33d24ce000f93a7739694eeff41bc2

SHA256
ad8710c637f3fcb46acad782de53455bf1e7b12e04c58b2943ef6bbb0c8a79bb

SHA512
770c8ea0c83b01d85a843f3cbd8b3e25530b08b41f710b547b23195a174149984b01b1f0cce203a7f76a636bf4f70ebf5508235442e3b5c1df07423548f18ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8b6bc77bef0f6f46ba251c4163da2ef

SHA1
8a38cf813c812eee8b8e16d118f9e30d802dd50b

SHA256
9e6a03647c4596e91c62e713109eb5eb60eb521469ce8ddf2a9d434443c1abb9

SHA512
cbd57b72b0e9f4ee1c5fae98372ced43b74c6686931ca56aebcd3b3082e2a721a72827176922b298e4dd847653f498539697226c1f4c45c927c660e1ae9d3375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb4b2e6ebffa8c2f8265317fde43bdb7

SHA1
9e6d2c6ce1c7b186036e69cb3c4b8b1ad31d5128

SHA256
2a8fe2f058c8c4a2f52d89516d91d2d61b92ec89c6df1cfa8fe1e4ffe4d77b69

SHA512
8b9c4da6c8c4841a5be24b6d260a4cac5192d224b44aacad954803a20325562cac943ecbbe6fa51b9b918efa91841371785085ab3ccb6ede386d84a873048344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3dc4cb059d992e2645e90469032e8888

SHA1
5c377ac57a60ea79a490438c9cda35cafe895f4b

SHA256
32454d224dee97d431707046713da7e3d774d5afd39d9f270709430089b03480

SHA512
ad16eb913b63f374e3791b6be0e5a7be882377b7d9cdff9ec47939a9153b3ddea8e4a47599c017cf5f8a56ce12eecf8c5f8d4c6ba37f84fc46dce4bdc020b794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23316218285aff5bd2b74c20ffa02e56

SHA1
c06ccd0eadbd92f62dc4ae1e634c20cfa8c62c5c

SHA256
82fb12cd0425d4890576f5a94876a75f95018a8f09639592ace5e94d65158a95

SHA512
8287aade541a631849c8dcb5258497bc6606fef355194c357e0051f356928dcadc8b809c3dcec757abbedca8d57b8f902474745245fd762236dc25b7508c2cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1dcce15a3db0c58477a6cf2f8c77925a

SHA1
d85da2cecb39707cc940998a9a6e1c61c46cb0ff

SHA256
b42b45904d260060d81d4fe8fd06177514ac03f2dc6cd3dae0efefa98d2e449f

SHA512
88077351ff7a80011db36bab68431e080969ed7ee0ef1287959d18e86049d8b6f1174806cd87555d99ca491884e62ddd28e72f65d0a859af70de5671c8ecf681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a88c4ebdb0899e071034864bc0eb7437

SHA1
fb859cfc34a64826b2fcde9d10ff998d88d86cef

SHA256
4801e02dd9e6c03844adccdde1acbe9fbfdc2ab397a4707facb8139d4e7dd902

SHA512
a9c442db00483a8e6ee1ada643877b15f2d25bc6dee670ed88883dc0a801e930a99c5e50894ef38bac5951762c1a0a520493b300917ce2ea982550ddd8f27b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d9df55af706fda8a1d04b7e73985ba8e

SHA1
018d7c0879933656b68d3be9a1d269f7c8bd0f1d

SHA256
c8e98119a141efa6b60fba2e1a75344804b7085a4981eb02a3c665ab44c1492d

SHA512
6c264e12009a65e8bca0039e2cbeeb2745380566c3f2a4be6998ac2dd1deb21cba758935cd772128d809544fd39ce080012bfc49a58a6cbab9ed8d4f481023c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aeb4e0e1-c15f-4ee1-a650-d61b5bb3b8ab.tmp

Filesize
10KB

MD5
8fb88383d6657df445787b830b201bda

SHA1
bc181a380c912ee348a921d4ed6a8bcf79179bea

SHA256
21dc1e274c93fa9a52894e77d9b0cbd647669ce2989d39a95a83b5f2f27b5399

SHA512
c339ed6a1a5a8052347b751e24a07e42d306a29bb34d6280a7a02428120b5a20859ea48df951333cc84605b74247e8fe46bc59863de1bd1e1e2af1e3bad5cb79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
fcaaffd5a0690159a765ba2d9f7f3b08

SHA1
cd00cf03f3c9b344e6530bc37eac7a2aa5f9d41c

SHA256
b2832f14486483d0da0dc9138f3899f0b0b8dda2a71c2b13d9c6022a9798e4a7

SHA512
14529e9af60ab86ce38b15e38ab52ac4d862f29c0a3c1066cf87dd7345aa7935f715d406c477d927d6a71d6edd849cd249c2ecc36d752a8efb2b39d58dda4f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
d4e87b13bfe02868d656580d262cc3a2

SHA1
a3e73b2ba716a1402997df0fc2de171403a0845a

SHA256
a2b009605cd6ed3914fef0a2382ff58786ea1d80335b75fe368abf47326c95a8

SHA512
567a9b259a9b88b08253af6ac49d4f3b1cbd93aaa3213b8ca6aa55ef6b7639f87696af3a115473e0dac5f22659ffd72825431ced3948bfde6e3c06c9f6a7f77d

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\576e1c153e9a4c8db9cb845a7679bfcc

Filesize
5.9MB

MD5
576e1c153e9a4c8db9cb845a7679bfcc

SHA1
7fa5235289c1eb038774cdcf30be21cb72771201

SHA256
da54941bc273cb5ea3c50a3df7983f6560114d0e9f6fe196a2077e3810f561dd

SHA512
a4d956c4c860ba9b652647c4fd94ba0a617d1ec3436a8fe267292d36b38805acc4f484aa65e9c45e20c10536365a13645d25acbdc4c23e7506829a6f603820af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
5.5MB

MD5
3191d6165056c1d4283c23bc0b6a0785

SHA1
d072084d2cac90facdf6ee9363c71a79ff001016

SHA256
cbd127eca5601ef7b8f7bec72e73cf7ae1386696c68af83a252c947559513791

SHA512
ac0fa1c6e8192395ec54f301bc9294c2a13cb50698d79d1ca32db9d4deb4852e7607032733d721bc5c9fd8d1ce5610dd73b30b66e0302141377f263a3b7fa0f3

Download Submit