hxxp://roblox[.]com

Resubmissions

01/10/2024, 11:11

241001-nar2zszgmh 8

01/10/2024, 11:04

241001-m6bt7szepe 8

01/10/2024, 11:01

241001-m4mtpawbmm 3

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

8^/10

discovery evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2584	RobloxPlayerInstaller.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\scripts\humanoidAnimateR15Moods.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\scripts\humanoidAnimateR15Moods2.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\OtaPatchConfigs\DiscoveryOtaPatchConfig.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\en-au.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\fr-ca.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\fr-fr.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headB.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headF.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\PerformanceConfigs\rofiler.tools.js	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\ja-jp.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositTShirt.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headJ.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\scripts\humanoidWalkFamilyWithDiagonals.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\characterR15.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositExtraSlot1.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headG.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\zh-hk.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\GameControllerConfigs\gamecontrollerdb.txt	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headK.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headO.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\meshes\leftarm.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\es-mx.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\pt-br.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositQuad.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositRightArmBase.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headC.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\defaultShirt.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\meshes\rightarm.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\ReflectionLoggerConfig\EphemeralCounterWhitelist.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\morpherEditorR6.rbxmx	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositPantsTemplate.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headN.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\meshes\torso.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headL.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\en-gb.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\en-us.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\es-es.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\ko-kr.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\defaultDynamicHead.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\de-de.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\pt-pt.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\defaultPants.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headD.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\zh-tw.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\en-ca.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\en-nz.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\morpherEditorR15.rbxmx	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headA.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\scripts\humanoidHealthRegenScript.rbxmx	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\R15CompositRightArmBase.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\zh-cjv.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\configs\DateTimeLocaleConfigs\zh-hans.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositExtraSlot2.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositLeftArmBase.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositLeftLegBase.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headH.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headM.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\unification\CollisionHead.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\character.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\defaultDynamicHeadV2.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositShirtTemplate.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\compositing\CompositTorsoBase.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\avatar\heads\headE.mesh	RobloxPlayerInstaller.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722545522527860"	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{ED588CD4-12E3-485D-958D-A8948113B9CB}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-1e5deb86743148f7"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
2584	RobloxPlayerInstaller.exe
2584	RobloxPlayerInstaller.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2592	2012	chrome.exe	82
PID 2012 wrote to memory of 2592	2012	chrome.exe	82
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 1588	2012	chrome.exe	83
PID 2012 wrote to memory of 4704	2012	chrome.exe	84
PID 2012 wrote to memory of 4704	2012	chrome.exe	84
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85
PID 2012 wrote to memory of 3064	2012	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9931dcc40,0x7ff9931dcc4c,0x7ff9931dcc58
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2056,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1580,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4016,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5032,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4912,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=728 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5156,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4512,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5068,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4944,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4960,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5588,i,12939110758638269661,12850759644461338047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:2848
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2584

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.5MB

MD5
fec78f1ab5646cbc24229181de0c504d

SHA1
571db81600725ca17cf8763752103423c0ed09ae

SHA256
0ea5b6fba50d2a05704486398ece6ecee7a859a69e021b21cfd0dc08f4d39f6c

SHA512
4d4601c191d16f7cf18d073a7ce425aa52998b4316ca916cbb36d6ea9e8758a03697b2e4111da08dc63022e6af5353a885deb3e3226e26af27e1df7effb7102c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
20505bfd76c5863e55efa47ba3bdb302

SHA1
bfb7d3d1bd706f72857de89de9285e6f61c5687a

SHA256
ef96819fddbf8058b4840c23936b0de8bde0c90abc52f949b7ae19cb31115e4f

SHA512
a588cf2e903add44c3d67570b176e65e7681c856d88a50e6d7a14fce5ab4efb315bea8b4b1c13e130edecf42574e0c38b4baf091ba2078d571fc9ce515eaa908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
100KB

MD5
2e52bee929ab7d56b2622ae84962e0dd

SHA1
7fd648bb1fb1f069578e992972d7f22ef1bfb36b

SHA256
58a0ed06b38f7886418d565ea4cdb15345b40a1d29e635e167870f45fe14ed4b

SHA512
c53ceaa60c9591ad0e61e82ebc1b5c6dd46a7b4a1b7ac303aeced0f4a0611e4af2b7a5e1febda5fb10041d0a9c76202ed05bc3e344bb6ac6cc35529e127e9d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000be

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fcc107004f9ec5c829127fae14f19db6

SHA1
09762596c3561773cfa735eb5e1b2ac29c42c23a

SHA256
53b6b19ac0e3a81e5c4f9fbccfb787b4610ba9c3f42f692444073feb00a5233e

SHA512
1e6d4fe355d842d58addf5c48f84586df63b99e8a2d22cdf65cf308d31638007df51c66b62b525e83801eb0b6b2760b8483ed540c03608b889f193d629c9eb3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
91249557e1575894fa8cc2083cb6b629

SHA1
745f78f5c1c9e12e718a1f6481fdc6395f31683e

SHA256
9269ad789592736a534758ddcdd7bfa4f5cbc311e5a5dccd71376146dbc3d08a

SHA512
b0b1c27293fe2ca540d7404d3ecca1168b119c112e8333c7be4627980be49106a5977ac2fa6e6bf579af16ff5c7441ab083e89489f8d5f23c499b14f66483e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5ca2e59849d894ff7c6363c0b02485fe

SHA1
a6c8d4489d0fa619759819d75eb48eeeb6115129

SHA256
a78c4e6ff90a193e5dc494f4b248a718fadf4fe12564c1af225d8ad181e7a61e

SHA512
3d4faeb788bbe4b38dfa857cac00cca2999e6e021f0d422bb51f11d84cc1a318243f5d51942c0bcb36db2b6ead187949b20e9d49859111565fae64374f8554df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
6fc78a10e6cec8273bda821d734a0a76

SHA1
a24dad6c44eea92a3bc139f3a1f448992086da23

SHA256
e97bda1ddd518f73af8737999a3a1fad8a360dbb77a3b8bebc5244b0bf537154

SHA512
647213c10cd846737308f3e33892cab5732ce0bdadd1a816386fe70a40c8117b85260f78a795a3ae2c5fc76c03eb104e10ddb77b33e357631d51182170bcc7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe59196a.TMP

Filesize
671B

MD5
329941a3be30d44732e1ad2342086640

SHA1
81f37d904fa799204ac8c872529e38bf77524dec

SHA256
8612ca23e222da4f6a0719166ecb8e8a5cfdb281dc8b720e6b02e3007dad939a

SHA512
7d37abf9e72a46d0da9e9b8f009c36ac6315c8ae0279fa3b08b0b9fd03910bc36e5cdf7a0a592604c1d50a0238c11c8238fb539e17eaf948250c693e4bb8ac12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
28dea9a5a4492fcd5011d08eb61c4542

SHA1
9f3fcb422f5b77f49fd093a9cca4882f7e5ad6c0

SHA256
d0ae48f70dea07ddc72cebfab98cf0613552750422affa3d157e7f66b702b5a4

SHA512
78a84ddee64d5cc2155202c7686b126d44dd4c5affcc939f992e0a39f55bbf577c05ace6df3ed4e28e7f05b3dd1c8712802442704465dd2674d58348b0ad1cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
44131df033b7d2dda65075d2a778db25

SHA1
a7700506e4e04e76fd02025ce6e3999f030a5ddd

SHA256
5d42cea26ec203f19f403ba837194aba5b1dd14ce664e8fdcd41ceca6fb7974c

SHA512
b107ce45da37db8064922d49ad63a93e0c457524eaae85ef53bef35eaaf1cbbd091dac5c1ea331d9fc3049b61fb42df757c03eb3fa0a41f05c270fbb43071fef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
56716c080561361199d718aeb83822f9

SHA1
5ac10291884b411932ff7b54b8297775f6bb5f35

SHA256
1fc05a8f2ff4b614ae7cddda590af396b231805106982694ce04e47ce04a5853

SHA512
f0bc4c7b7daf73ef22b96a7fdab04fe1727119524c781c1111b259db7d813f5cadf3e5c3fbf899304b21ddd1b5bd995a5a3c864e4f88f560eac5a6118a9a93fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
88107ccfb1f3d3ba17c944000b0acac0

SHA1
3127c6446e77b14227f5b785bc91d44aa60d5bfd

SHA256
ade252b4eed57c7582fc94357754ea8db1d854ea3adeadad92ce22d4fc6f1ca8

SHA512
35d6dad99d1caf9d4937dee20dd7b5e1ee127627454bf52b7c2dc4f69468689e5542bbb608de877b98911cc406383e44959ec007cfe02254e10faf0cc2260c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
152f2786349263f719c469954b2b7653

SHA1
7dd4c353bf86e83addd28ce6e2abafe5972e4fc6

SHA256
acfe06b1fabebff7e3f6949998474ff39c2dc6f0015e652f002bc6260b2d657c

SHA512
66c81640849d8669654ac0d3bce72a61ac537a4b56d7e726df5f0a0f87ce71e1c15b87652fc3da18f41bcda14acb48fe73e022f2ddba3bc4ec2355ef7411c86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
264405931163ec34be712841a4dc8034

SHA1
10c69b6689637bbe98b5b442e44ca6ac423e61f4

SHA256
76baa23edf9e257e4992d3058b6c124906db209e49b5b79d5e8abe1b20b1df49

SHA512
c1b2bbb862466e1fc4d2bfb70b579c529748a2c7bd6d63aac4f4464aac4abedb272e54b098b3249f527efd7637730693ab5f7951b9502d2ca442d0262a305232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a797a8edca43698ac85799a59aaf764

SHA1
4d936bc7e9f4ff8a6d8eb01c68657b54d5089e16

SHA256
8ff5db26227c8030765a7e639ee8233111de41d17fd8bfab005098e8a13af755

SHA512
96aa0a28b5e4fefed33a1f4a09e38bf346b1c64295845c2f591132713891e4589792d7863a2c3ca8feabb56a17ee3d51c368fe65b2d0becef2a941d459b47889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4a556e7c8ceb2cd90404cd8362d46200

SHA1
5a0344f0969f24a32e778e97f7aa6be4ac6fc6d7

SHA256
58202b0a51b6be14c91dff92e34b694abaec35f0f55c98d5cc32666d41a768fe

SHA512
1d143922fc88b26fe3e2d68ff67c006a6a8a84e767540124d885d489ad15ed869daa00587c50a1e56a42721240b1a9d7ff550ea7d767b038406bb3b188b75235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a70c5f81b289dedcb26c968f16543d41

SHA1
c24a9aee6de2badc194a0aa70c48789c89a7947b

SHA256
f365f6dd8846f02b789f9ac168d3e78d91389d0fa0fff515a967ca428a1e38b2

SHA512
698d70900245722deeee190c3e28de4a04c287ea173392609b86124a742b3688d526525770b939f7fc402ce2cffea4571591ca853542c5f879fa0aecab9a4cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1e1a1a02ac3d3c4231d9334cb620879f

SHA1
1cf13272b6ac384893e0da53c4976c6b802e31db

SHA256
7b8348bfe54de92574163050be2d82faf5d3218d24783685414f84170d94a002

SHA512
ace7e05c042c31bf73c439e682802678a268222d95b519396f6db837e4c4c91162844762be9d6e41e0cb952b1cf10143331285cf4edf4c8d86b0ec6e11f99208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b05fe8dabe504985a0cc047ed4f058e4

SHA1
92676d7bdf96cfc4cde9e566958106ed7c5da712

SHA256
e322b9410e98c0435759e8d25aa4feecae22ae7bfdee962a975fa5de03e134db

SHA512
9c9e0b67b616059855b7a78bec02b2e2bfa76be7d74173e1bac0d57af2d0168aaea08d24289d6e25f84e8272687d0011f1927a281d65b4d86ff5b5781c58a2df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3789da941b176a33c8bf74d78d13f026

SHA1
ca1a71e8377f138298914ff682fb43789117999a

SHA256
db034822b22420a588ac5a4d9c2d93976d45cf24b93b8575d5b39e4432bb8424

SHA512
dd31a286428cc20500951f4a4064fdbeef83ccb044105c68804205524cc90fd501e788b65df49bf0edbbffb6348d60b6e15af8baa8a22010fbd1ce7213bc6f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
672c3ea7698858ffde0bd093901a9f00

SHA1
bacf1b51cfb694c44a9174153e75dba3dbeea268

SHA256
96bf9f15cd96f6762257e62ba83d1a8ec5cffde641fe530e304bb3f8dc4e0552

SHA512
d6d6c40a25735ed01c9d98a041ccea6fdb7087d31f6371bca8a0acdd898fb5091fbf9dc4e704740e117900395be40a3a9248d0274bc0a8628e6dd3b964b5147b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f295a077ef592e1e6a1cae8cc44fbdc

SHA1
5e68493a88af7f0def02592ae0440e614e013457

SHA256
b8acc99155c273e833217fb837c5410a482c7dbc1403b511d5497a6aee1e6979

SHA512
0c5a1a0e58f47132a3fdf8e1fbd0827f9d2eddbf00ee3ad204ebdc58fee482633c36280f125410bf9b650223cb5feee2ec95ab718483db6017c687f5abed63ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe85fe7b125141bd62e82f089c31caec

SHA1
b0021e4a239f7dd1a695927f854abb4aaf685712

SHA256
679af69b60e0d1df122e46ce3538d85ab63c3924a11a0afd376ce89658f70601

SHA512
f40e762627ea899d861b37c60d0569829144c74f96ee67a9d08dc91b198a156d2a66c4c0824cc69b3fc0c73fea1cb69054e2853e1f4ff1a96cf7e257dde5e151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2a6084d8563cc4843db54408a24dda6

SHA1
5624c501b5cd347a79fe29c025ee5c0cafdfcaaa

SHA256
feac2fab7399347eab569ca59e68901103881635571a570422a13139215f1814

SHA512
06fdbf2043bfd6c30bb7b802f1958bbc750eaef8dfc239d685d8002e3a84243c0188a64dbe2ea2251098ea9c8045aef80f2fe6c25db01b795cd0cb7a7c750c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a25a978ed2f972cd1bfc5058de27e939

SHA1
edd8504d6c811c46141585b7f8d4d0e7e097aec3

SHA256
b9e2cbd0442382bb29ff18cea1e1dfee6dd445f0a8efea6c93df246191fbf8c7

SHA512
b3cebf97a0bdd6ca7d8f4636059d2ca0483c05259b78c1807ce9f22dcea2af1b5f12cad4096680aedb6884260888e0d467675c639667bd476785b84bacc5559e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ad1c94d9500a8fb0373d8bb7d05ac0c

SHA1
3c1ac104392a617df702ce2d0c0251c1029669c6

SHA256
3e73287afaf561154716ffdee1437c1574e077c28d43a96beae50d3bbb401729

SHA512
22f3b9a2fd79c4959da89b77bf8bca1f7312737c890ce29eed900c1acbeacb1996fe92c5340f9e700ffa81f7d1244abe6d05130be485068ced0a4983679c56a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5100d0a3d614b8283de63e9d853907c9

SHA1
3219875be80fae5bed07cc21f52d3397148bc77a

SHA256
d6d11d38555251c58c1ffb968d6fe0d0be5726bf82a5f2c17491b4e2a782761e

SHA512
68c44399f40e23937b8ec475cf8d21f9226902d8812137ca2c62c59838ce9a896b4e27cd4a8cde4b5e84cacc83829c437999a0e673efbe4abae0810c4b9d9d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb208c84c258dd988d6e26209c8416bc

SHA1
89740cfaa657856b38848fe0426069cf36684854

SHA256
11192c7e15fe2232780d191b439ca93459f9a575c70d9bf008168fa8ab0a38ca

SHA512
8ae298b5d0acd71af0f74cc6def6732a4e8f658ed2fc3355a0399b09c45017f97f973f2de406cf19e667de7934b23b16a77f3294ff6a6bf67e39a0afc992c426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f00c6284dccf6ddbaac3da5dc32551f7

SHA1
d0fccef8d69b2d368dfe533e928c9f4a21a845f9

SHA256
abff0b9c9df3bb2db334041e71c2d297fecefbc71e0da23bb6afd5b6eae3b60b

SHA512
881bd213cef2029451d059be5e7876255b17897e50339bb17521cb6fcae212af94a1402d44db418adfd25c47d8eaefd770d76e4ce70a1a5de4878019989f90dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b00c14dc41179d7cab1e9a88c45f7072

SHA1
fda7db2a8f66a66010dc32fa0617e6446ff238d1

SHA256
6ecaca8c03c600a14e341e89c971d72e415ef4f209b6aad54ab2f8d04cd14818

SHA512
910b9f06bd74b01c3fa38ec58174854abc8fb1c405ccc780f231ed129c7884adef905dfa1d50b986c7a73038382ba709cab3e4589462fc9e18b47fa5d090b796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e1e5d4927080657784ce0e9254da69a

SHA1
9163b0a60850ae8bc4c664840ef3a089fbfbc37d

SHA256
dee230d9bed92a814c1a692ad91733ba4571c6c1885cce5bd92ce74ca2e3cbdc

SHA512
813d2f26fd0bd00be3101c60097a863ab9a0f17bcbe7a31011631028578029f74ff631576ce5f1a9811d9f4a0a80938586f54bc30a6c4d18699f82cfe2bccd9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6614c869875673f6b746e3614f986ab7

SHA1
0774ca369925d9f65ce3a121dedeccb8eda52c76

SHA256
8062d9585a4b923ea92a460436ea6a9a9036f09a943ebf64e05c7dd554112ea1

SHA512
91ab616f247c1cef0d08f5403283733c2f02af98d4a8a8dbc6d16eee1e669739bdbf2ec63c1dc2a5d9d71e2cde1a17a037bfcd956c482ec7132237dd52d53c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04d4a543691a57af25605f829499f480

SHA1
c3315912d6a328416321905e9a0ac4fc00a8d30f

SHA256
187b8e1aab6df68a2b4f71f4b3ce3ccc155c64056e67d7b065628f149f28f36f

SHA512
fdb1afcb6e092ebd35c5fe72be676cb7f441cd0ef25352cdf6bb68d2e16ab0f05c3484e6aa7e8f0577cbc6111d5b8ebca436d5dda7e3ae8fea48e2931dfe658d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0760ddb8a4fb5436070ebe7c47ef80f2

SHA1
222e1c1b832a048c7579fe90d5f1bbc1ba376db6

SHA256
e969a993b494840189c81637a22d3df33df21030e1ad31592103876f15290c48

SHA512
dfc729c904f67d013098037c5c15c6090cbad7e19327e38f594b10524604fa26c7baed45e84117f4ff8b35122b8d67b12674637c5e18ff94425f13c406aa47bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d8388fa6b22a2ca76be01a22ac3bf604

SHA1
904420519d9de7b8861cc461871b231c0d46d8d0

SHA256
bc32cfdf89a8a40af3d41007ee9d86e2c3239216444abca807208ceceb8481b9

SHA512
f3d734a45d3db3843e65115fe06c9a4e407e62069d6e685323a5e49c6587e854dea5213dd82fd2ad0b6544c35521d17fcded44ad1129a32965bcb7ecf0a1f371

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
6.5MB

MD5
bfbd6cc26087166af3a64398260ead58

SHA1
c50f08bffce2a709dee9af3ae6b96bb482abd4f9

SHA256
95c5f519a5f729ec1205f9f1c69b3e370e468ed5d1c7675502a9c9ef227509c9

SHA512
c23683291b4b0e0f555fd715ba6e685faa5a952df95c70df69010e2f6c9f0fd7f593f030fab068207ff97583e049b52674e85bd41fc5901f817b4ec080d945e3

Download Submit