8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-12-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperV1.23.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

defense_evasion discovery evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1832	RobloxPlayerInstaller.exe

Loads dropped DLL 11 IoCs

pid	Process
3032	MsiExec.exe
3032	MsiExec.exe
1528	MsiExec.exe
1528	MsiExec.exe
1528	MsiExec.exe
1528	MsiExec.exe
1528	MsiExec.exe
3464	MsiExec.exe
3464	MsiExec.exe
3464	MsiExec.exe
3032	MsiExec.exe

Unexpected DNS network traffic destination 20 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 3 IoCs

flow	pid	Process
11	5048	msiexec.exe
12	5048	msiexec.exe
13	5048	msiexec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\aproba\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agentkeepalive\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-init.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-root.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\CONTRIBUTING.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\passthrough.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\config\definitions.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\emacs\gyp-tests.el	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\put.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\util\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\inherits\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\depd\lib\compat\event-listener-count.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-find-dupes.html	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\families\Creepster.json	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\pnpx.ps1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\readable.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\inventory.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\http-cache-semantics\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\uninstall.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\package.json	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\places\RhodiumUnitTest.rbxl	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\replace-info.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-explain.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\base64-js\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_common.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\reset-dep-flags.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\.github\workflows\release-please.yml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\common_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\http-proxy-agent\dist\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-convert\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\nopt\bin\nopt.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\verify\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\set-immediate.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\lib\no-tty.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\render-template.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\client\error.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\lifecycle-cmd.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\symbols.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\package-spec.7	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\package.json	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\models\MaterialManager\smooth_material_model.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\bin\sigstore.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\CONTRIBUTING.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\err-code\index.umd.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\indent-string\package.json	msiexec.exe
File created	C:\Program Files\nodejs\npm	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2Loader.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\copy-file.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\promise.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-fund.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\validate-npm-package-license\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks-proxy-agent\dist\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\sbcs-codec.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\defaults\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\npm.ps1	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIDB2F.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\MSIF563.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1292.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e57d7e5.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEB9C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1214.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI15EF.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF914C4C4192C6EF34.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e57d7e1.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF4BFFAAF5085F20C5.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3378192992875C47.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF553.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI13EB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDB2E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDAFE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE5EE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEBBD.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF778E6F10135D9DC7.TMP	msiexec.exe
File created	C:\Windows\Installer\e57d7e1.msi	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2696	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133784426802446084"	chrome.exe

Modifies registry class 41 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-556537508-2730415644-482548075-1000\{64C8D52C-98F0-4001-AA64-0E71C991A8C7}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-b8e18f8286604778"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2624	BootstrapperV1.23.exe
2624	BootstrapperV1.23.exe
2964	chrome.exe
2964	chrome.exe
5048	msiexec.exe
5048	msiexec.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
1832	RobloxPlayerInstaller.exe
1832	RobloxPlayerInstaller.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	248	WMIC.exe
Token: SeSecurityPrivilege	248	WMIC.exe
Token: SeTakeOwnershipPrivilege	248	WMIC.exe
Token: SeLoadDriverPrivilege	248	WMIC.exe
Token: SeSystemProfilePrivilege	248	WMIC.exe
Token: SeSystemtimePrivilege	248	WMIC.exe
Token: SeProfSingleProcessPrivilege	248	WMIC.exe
Token: SeIncBasePriorityPrivilege	248	WMIC.exe
Token: SeCreatePagefilePrivilege	248	WMIC.exe
Token: SeBackupPrivilege	248	WMIC.exe
Token: SeRestorePrivilege	248	WMIC.exe
Token: SeShutdownPrivilege	248	WMIC.exe
Token: SeDebugPrivilege	248	WMIC.exe
Token: SeSystemEnvironmentPrivilege	248	WMIC.exe
Token: SeRemoteShutdownPrivilege	248	WMIC.exe
Token: SeUndockPrivilege	248	WMIC.exe
Token: SeManageVolumePrivilege	248	WMIC.exe
Token: 33	248	WMIC.exe
Token: 34	248	WMIC.exe
Token: 35	248	WMIC.exe
Token: 36	248	WMIC.exe
Token: SeIncreaseQuotaPrivilege	248	WMIC.exe
Token: SeSecurityPrivilege	248	WMIC.exe
Token: SeTakeOwnershipPrivilege	248	WMIC.exe
Token: SeLoadDriverPrivilege	248	WMIC.exe
Token: SeSystemProfilePrivilege	248	WMIC.exe
Token: SeSystemtimePrivilege	248	WMIC.exe
Token: SeProfSingleProcessPrivilege	248	WMIC.exe
Token: SeIncBasePriorityPrivilege	248	WMIC.exe
Token: SeCreatePagefilePrivilege	248	WMIC.exe
Token: SeBackupPrivilege	248	WMIC.exe
Token: SeRestorePrivilege	248	WMIC.exe
Token: SeShutdownPrivilege	248	WMIC.exe
Token: SeDebugPrivilege	248	WMIC.exe
Token: SeSystemEnvironmentPrivilege	248	WMIC.exe
Token: SeRemoteShutdownPrivilege	248	WMIC.exe
Token: SeUndockPrivilege	248	WMIC.exe
Token: SeManageVolumePrivilege	248	WMIC.exe
Token: 33	248	WMIC.exe
Token: 34	248	WMIC.exe
Token: 35	248	WMIC.exe
Token: 36	248	WMIC.exe
Token: SeDebugPrivilege	2624	BootstrapperV1.23.exe
Token: SeShutdownPrivilege	3664	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3664	msiexec.exe
Token: SeSecurityPrivilege	5048	msiexec.exe
Token: SeCreateTokenPrivilege	3664	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3664	msiexec.exe
Token: SeLockMemoryPrivilege	3664	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3664	msiexec.exe
Token: SeMachineAccountPrivilege	3664	msiexec.exe
Token: SeTcbPrivilege	3664	msiexec.exe
Token: SeSecurityPrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeLoadDriverPrivilege	3664	msiexec.exe
Token: SeSystemProfilePrivilege	3664	msiexec.exe
Token: SeSystemtimePrivilege	3664	msiexec.exe
Token: SeProfSingleProcessPrivilege	3664	msiexec.exe
Token: SeIncBasePriorityPrivilege	3664	msiexec.exe
Token: SeCreatePagefilePrivilege	3664	msiexec.exe
Token: SeCreatePermanentPrivilege	3664	msiexec.exe
Token: SeBackupPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeShutdownPrivilege	3664	msiexec.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 3128	2624	BootstrapperV1.23.exe	78
PID 2624 wrote to memory of 3128	2624	BootstrapperV1.23.exe	78
PID 3128 wrote to memory of 2696	3128	cmd.exe	80
PID 3128 wrote to memory of 2696	3128	cmd.exe	80
PID 2624 wrote to memory of 4648	2624	BootstrapperV1.23.exe	81
PID 2624 wrote to memory of 4648	2624	BootstrapperV1.23.exe	81
PID 4648 wrote to memory of 248	4648	cmd.exe	83
PID 4648 wrote to memory of 248	4648	cmd.exe	83
PID 2624 wrote to memory of 3664	2624	BootstrapperV1.23.exe	85
PID 2624 wrote to memory of 3664	2624	BootstrapperV1.23.exe	85
PID 2964 wrote to memory of 3340	2964	chrome.exe	90
PID 2964 wrote to memory of 3340	2964	chrome.exe	90
PID 5048 wrote to memory of 3032	5048	msiexec.exe	91
PID 5048 wrote to memory of 3032	5048	msiexec.exe	91
PID 5048 wrote to memory of 1528	5048	msiexec.exe	92
PID 5048 wrote to memory of 1528	5048	msiexec.exe	92
PID 5048 wrote to memory of 1528	5048	msiexec.exe	92
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 2184	2964	chrome.exe	93
PID 2964 wrote to memory of 4900	2964	chrome.exe	94
PID 2964 wrote to memory of 4900	2964	chrome.exe	94
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95
PID 2964 wrote to memory of 3144	2964	chrome.exe	95

C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3128
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2696
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:248
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3664

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding A52A76A4819FBF09E1C69713342D5787
  2⤵
  - Loads dropped DLL
  PID:3032
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding EBB637AADF43CD75196F562FD9331241
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1528
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E1FA999B602977675EA2B1DD9D6186DF E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3464
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2320
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:3164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9edc6cc40,0x7ff9edc6cc4c,0x7ff9edc6cc58
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4344,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4304,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4300 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3168,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3320,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4264,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4256 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3448,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:2
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4528,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5300,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5448,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5488,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5816,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5808,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6104,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4892,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6048,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6032,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4308,i,11300934956246405236,2420560156701078289,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1308

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57d7e4.rbs

Filesize
1.0MB

MD5
1ec21930e56f0988c8a17a8d5df57a3c

SHA1
94df30504644e8e568cd60d8883bd4475d33705b

SHA256
12c6cfb1d815543b28b6c8ac49a551a508f40809d9ab019f30cc0c50dae71d39

SHA512
35f49172c38f92e0121e3217937a2e0133cf2a4d1c5e4ce36d0a89a956af8d05b8fb849ff2af39cc3fd10bef74743405fb1050e5972b7b7cef6f28d2756ceca4

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.1MB

MD5
f7f075d6cca390dbb3195330dced1bfc

SHA1
2a6624ae08c077034b3b41dca1376287f7e0cb43

SHA256
97c03bfa6193f0d5f897eb78b1867c17790b085fe610d0e1130e9a80e36d5577

SHA512
bbb4389ef71eda38ca80a999b5a6616484547b72974b906a7b26939eb5b5d911dc68d046a371a3791e8b2c7557b987e94a52fdc9cd7cc9e6996e3ca5371004f6

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
af71111d60b4ef045aafb9df6271e0b9

SHA1
15811e4f818dfad67990bfe84e8126b0d98447bd

SHA256
832e55b15a1595cbf847c6444b88a38dd7582b627958860ece147391c3682062

SHA512
1f8e80e6702daedc070be66e5a7083f87cd18294eaa9a6ccf8107334c735a375747610b80f295dfdd0db226450db1057b0639ba7e64d6e40497c02aa33a2c03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e5

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
40bfcdba00aa6abc273d722a23e322c8

SHA1
231007429dbd493297b2a04e15ed4040fcd30e1e

SHA256
7f50ebb49c9a15d1323edb97bb3d20a4cf78dc1f56cbdaf022fb752e15f19bc5

SHA512
fe34f97021974dd234d978aef1ed17293c6f8356399093d8cb5862a6f48755867079f8c7e284263e0a082d1dba06ceed2010091a48b0d10f1328b4e3a2806e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
21d321e7d98f76b2bcdf0a5e8a5373fe

SHA1
8d762668d4dec29792675dbc7f046dbe6d9d1b48

SHA256
940be4bcd7ef5844c56ab157639d1d1493f7abc7378a4700ddcce7b0d796cac6

SHA512
45fbe6899b4bd7e04e39e8e8e1b1991dc866cea8b4980cdc0fc95112ce9fab254f0554839a3d3a64cccffafaa5785233ab09f72624fefd23b14db86963a2656a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c95935103b5e7cf82e82e89f2cfb3bf0

SHA1
cac01e9a781c76a7dfcc5f2ea9e3d75178e9e959

SHA256
048ef7c8c6a9debc7f7ec73b5efa22cb4e5eac578c9202ff6922af375e7ce88c

SHA512
7863d4a1441193d21149eb517b28f947fb57efe07d95b4c1daa36d2ef1541d5e180c6fa773d25cbc35f421a274854ccbf1217921b5fcf2264ff775002be0e927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d1535d9db1da606d54b1bae49cdb52ee

SHA1
d8f8013d7d25608fc0958908a6c255a9aaaaabf6

SHA256
3f4b77416b604db675d4b78b843b583ecb538c45ca9f51a1985c11aab7c43830

SHA512
f1c135623c6f6b4666e6e1c792723425dd3a653a9093a911451b39bc5c38172cce629f67e5521e64978c125b335c08ee3b89f5a1dbb891e8e93ae45d3a5ef0be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
b3ec210b162a2e12643d5c4fd1ce5913

SHA1
06de7d9e24a154f83518db1859dbf4f0106697af

SHA256
a602cd70b283f8d578b176622e250488c5087b53266b6104f34ba1851c63d10d

SHA512
a3aae09a77aae3d89758db11edd14b130759c01a77f6ad5c734f55311a44ac90cd4bc13156fc081b3762249022f9f14e26ed1d56a125f78149bfda04120c577b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
4aac92978fe8368a4749908a297fa5f1

SHA1
4b30b1af66fcf5b5792c1cc4ee3a34e4c7ab83c1

SHA256
4bc5f7087afa27a359894458df98569c59fae456d23dc35eb4c0e98551480c78

SHA512
36e7e3f61aa2f2220d389f13ac5a96a65f8a71d1d357b8946d23d3b218577f7de9170aa629c762636454cdaa21e06cdb0e817e43b47edd040c3132b2410d9b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
618d91a05ba3923b147c1573083d6b38

SHA1
a62530a6537bf3aa3c4e25e5e9189120882d20d3

SHA256
e41bcbabf0298a0009f17aafb8341821e110097245a6c475d881a4cc8e6e8b99

SHA512
3705c64957c07e8866090a8d3eebcc342adf83e8d23f8691e6c863896b7da0104c28d9a40e38ecc03a7357a268c05105cf4ed5cf850fd9b984ea608e9778abf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe596095.TMP

Filesize
669B

MD5
e5c314c0352693c6cbc9b77d25daf48d

SHA1
f44c6d8472b2884aaa2af1d58bd42ac3c3ce37da

SHA256
4c42ee59e26b6b8a9f70bcd7b930fbcf2cebe2ed4a40f7ab10aff05c8f8be8ab

SHA512
2c2f0cd26db08626334281f567f7c44dbaf3a90f91ca15d001e6909c7e4fed4924fea0ae96743214054a5fc33d434c9c86700755ac394e89a2f8f28a56c9565a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
0625c2f22ce741d7e385b6667f527a9d

SHA1
b696ac8f6b97526e9117f10e2dd78db641120ca4

SHA256
ad01ec43332e541ccfffe367bbec6581d529faa9b160698ad417771279a07c0d

SHA512
2c3da846ac2e7314b769092ddce218d2c2e01dd28166c763acc65927bb2c052d5ca9ea72b5401f245eaab669d560b2c43e6c54271a789fd12dbce12e7f08dc93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\547e6e55-19a3-496a-a28f-f1ac24180ec3.tmp

Filesize
8KB

MD5
f6b2e143250ec0c32ea02060f816a061

SHA1
e79955ee052a6b3a718c90ef9f96586f9e7a497d

SHA256
965ec815d26a8cf786874a9473ca8265ca95f7f3a5ac4d981cb2609c951ce984

SHA512
882c78547739526bd3e0f0f851feaec6c5bdb10658436b31759c5bf0c92b4e566eb9349a62721d3b827ce6cfeadd184210dc7ab746b3a7d5304b2d4f0860c48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6a1c471558f1e55ef321a63673131107

SHA1
f5fa7e671261418a6203efbdfae6a8e6eb3b4894

SHA256
c25c5bfbdb19514d087a5e5c6b5f5f47d5038ed4544e91fe76890c54726486ff

SHA512
5f8e9fced7f479ea8d0daaed158ef7975098f54f56823b4d717f8cf442d6536d1e4403f5c0e08e4e84e4c42d0cd64dbf8c7a8db43da6fe92013608ecfb967641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e685834a0e183408fcc188fa9655b534

SHA1
e53c7c42093ca9a38c7d247d89dd97138b1855ef

SHA256
aa7fa702da249a31d25fdb527915ea727c446f23a2fd652e9de78eeea80a11f7

SHA512
32a4e218b14bbdb607a47ca63e6b9150c10057f6ea211800f87c60aeac424d5c9416e03e5ddb1cb818e9e56004ceff49afa9745707aeb2b45906e82619392c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b78d042372191eae304d2dee32f8a51

SHA1
d5817dae06f8e2b3872ddd442495179b37899755

SHA256
d457935c8e38969d82e8cdb654e8cd3db081f2f0c9d8629e03bbbb9d59586696

SHA512
9ba9d4a13938889490cef7997e06d461b5f305ce5987bffbb7e95b3bd0ec329e31ce6e08d4264de41415f0b6b6db422a80757017d3aa7833a07d1db2db7421c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a5e9647ced9eb04f74c7e2fb6fa92446

SHA1
82d07f29c7ca7a9e41de48c62ab22644391e7527

SHA256
f67f8c2475774aab48024ad0841917ce36ce772d5040b4296db6f6856d31c1ce

SHA512
2412ca369661eb8659f42dd8b2aa241ff9d795ac5782a33ff29b960800c4a63858967b31f9bca0a4b9fdfca6a7099f5f13bd3d78bf23121cb088220168ddd105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
abfffd8959ca26007afe0235899dc07d

SHA1
70a6294ff75fd70f394e250dd85d96348450b62c

SHA256
8ddc444ff6b25dc874658b99e0aa64d615cbf96c6ae3c13b4d271694ff69eec0

SHA512
253df07807ed0080afaad61b546a912bcf5cd6b302a869da8c6ba6ec6d08327ce25342692920ba1a4612babba73c60530641cc0aebb5ab370227ff6802a2a65a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
724ccb641180317fcb7ebc2fef7c43e0

SHA1
f6fc6f9c29f1faa654b476ea9bdc53ae267d20c4

SHA256
3c751acb7d5c1a3fc39355a453d7f0efd71385caf5c2500b8892a08d25d7430d

SHA512
4f79345b83ac9dad78fc8d30861cface8aee683b462d380c58ac34a8a4857d094bf859e8e0dd442915e4f5e230187de842c34bb9e128e9d88e2b6d163420967b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b9831b2218d5dc7bce74fe44cfece227

SHA1
c26f58ec4f4a6dfa16e46467e6d84da27220728e

SHA256
48c0fd3f4aabc1b40d9ef4dcaed7e376613bf14d292cd1d54b4f68ed3c4a0323

SHA512
734f815deabc85bb58ffe7a09db58ca4e4d6215dd89cbd281ec9594b49448ca8ab369d6af02273880a6f9ebb0ddc7cbfaa0043d0b8f77f8b84aad6fd0c6dfb5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cdecb12090b7ed0173177d0106242c62

SHA1
a5d04fd9bc56bc928c74c00acea999d60310518f

SHA256
34103bd84bc49f4d8d407ce6c81a16c5403ea4f204eb8338eb395d8ff8a5c50a

SHA512
19be04c2363009523e448d07a119fcec05c45ec48a627e6dc3ceecfd1e5ae67cbb1a202f6e2a99ea1f18aeb3d18eb95b0ac7e0d976871b09942acf84b57aab59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c3acfbd2eb96e0e3ba0570dfa12356f

SHA1
a84ca0ee957bc191235d416a4f60ec0cf25042d0

SHA256
d347b986b0df26c83617346b0f32e615ff5fdd87ef427b39c1cf9446f7eddc3b

SHA512
a671e8560a437cc1d9c91e37faa3e84412ecdedb116c7e37bf6ebe3ad91325f8ac89c57c6eb88e3f176565c20b95801cb4a1f840e2e0cbbb63a6a0b35a2e4c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9b6fe7a71403b2a3a6f5f7ff3344e0d

SHA1
c99c24a4c09c18fa701448fa20cb6e338fe6a6b1

SHA256
14072a3738e0a3f4e2eef052df6beb7105209834ac7e8cc6817572adafd593df

SHA512
e72576f3a01d3dc010cdb8191ef93e5ff6c54ef39b8643ce4f230fee905056bd7770bcb8a5921ab3d914b28fd0f570c61cbffd1bd7e78bbaa305f07c4a6a9757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f656fd072109c2f0c75c6a0d3ddeae0

SHA1
c4cc8e8a366367a2843217b12c74f2ff74411636

SHA256
c9c5518d70af342703eab7c9843974551d0c9e9fef6e3c9be582083afde0ea1d

SHA512
a458e7c679232a4dc0c58f18eb9e2538f76c5237536990399e3aa5376f55c9dafa5fdd66f1ed7ccfc7191ccf7039d9767c4964f4816119bdd0b61e37dc52fa7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c4df442993507caf6c60cf63fcf6ea7

SHA1
11927c24d17082f27ba8a693b58612d4d306ebe6

SHA256
32ff80fc8e5d6ddb6460ac1f4c692b5eb9708071377a0c22e784f7936372cdfd

SHA512
8b5d4c95c09483f52f614447a0d37666b1f58a571c742fc7ba4c862093f0308a7104072f9299ffa728c6f52fd90a81441c0d89a2ea6755ae0662de9ae162ecc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f3b39e52a6f05ecf6e2b2e893aed61d

SHA1
d0e532b5355e53f33c7d16999374d0ec1e1f7935

SHA256
8a095f33131904a93c11c28d9dc1bb4544c7c56a5086846d8e5386af442e1580

SHA512
850abd2b5c0f3d668020cbf60cfd55d9718047eb04b263a79b23edc4f83d86bfdc6b6c16d1b8da12464cc273d7c81ee1e23bff8c3b623752aa7de01a6b20a58a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d33bfa20db008245a86c1af83952df20

SHA1
14da3a601835cea46b39f64eab1898a301b5beec

SHA256
6a814a9393abc6aa87e007642622d7c10281be64361b45ed94add4c2f23448c2

SHA512
f0c1387693596003b003450cdfaca3a9e4c837c500f98bfafa198fd4a7a572078cd720a0e7831582d8a4f4ac8b25983687875ceb20f43fcdaf2e06acd04182ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66ed5f01a5dfe7b65d1b9a954f43d661

SHA1
56a9b99f8b2730721ebeca5d75f8d6d291586a86

SHA256
10f8a30e31f253d8408217051d6b7a5bcf54fafa817a07f1ac4d3d3a8ffdc7ba

SHA512
94e034cbcf0b113ae132e11dea9d28aa04e132275332d04717a7899c06f29893f461d63a7db808b88c88c344ca73cd95aea20d7c6e0ee6a1c0ae9f2c86555029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c95419f72505c1343612895a95244f1c

SHA1
fba3d6f67184c1839c034df38ef20d89034b7669

SHA256
f0a4c2fe04d77bb016dbd4048cd31911d8c1bfcdb659fafa471aa74e6baecc1b

SHA512
58275bbb81d7e3ba571cdb8d185709dc0f831b2e53c9775c206b0886253bc3d1adbe8e9ae8df93fcc903609b4c614d2c52c57a28e8ccf96b0c1b579beaba4e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39aff9d44b880c28e5572b959aa1bb65

SHA1
529df437882cc68347258d9e32657cdaab1ca0ec

SHA256
96c8ca37c95aa404acc23d2665a12d82bfa3326d6d5aa3e4c46dc756afbbb435

SHA512
2cb204d3aa42b7f17037e111903f92cf77f2ca458058ef31d4d64c47207f486b31973ec6b553c703aeead7fc01521c34a152ef8c55f4c1dca113eb19c5596058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6ab0bf5b1c3fa48c5952505c79b1d41

SHA1
f40a7359e799b5a3c7621a66b11b51c1482808ce

SHA256
204566613a0263df733eb696a5abfbeae419d73af24042418b36d57445decdfc

SHA512
8ffed5a39e690b867f81286cd140a12eace0afb6b552413fd8887f6c2df90e877121258de98e3d9003656a91d85d9873cad0fcf36f34467743c5c161f4c52838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7cc9dbadfda879782eee1a14b33fd272

SHA1
15138f961c67eccf0b34e34371053dcde6624fab

SHA256
fc7a01560b2e4748edcb756ef6bab77c7afb27235993938c5c83c51ea8b3691a

SHA512
07fd779988c5447bd2db4dea1af70785fa4f40e69b680ee602e89d0299863c55611164baa7c53f25f515de52aa71a8db1d43318f67b48fb726f89f9872fc2de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8c595010ad1e0b974922cce8bbc974ee

SHA1
f92652274aebd526a512be79ec8318c354c178e9

SHA256
bf692650ff167bcc166e6324f40c5547c79ed9afe64acb5fb1266cebb5840e93

SHA512
85b003624729cd112612a61e7b49dd00266d7473087372862e19976f63ce486d7a95419b8331318344a65b2f61c11adbadc6ea792a0d299be03501060e39a0c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
12ce82d640c65314761af62e7854964b

SHA1
917134dffa5885325013bf7e9875e7ccd41d43f7

SHA256
28d828605190794540eb4c0cc8d8f4cd7d8d800e503561e2e040bc3cf738a55b

SHA512
3f0c7cb7301825a270ee747115496310c04ce231d6afa2608359f7f2d5e01426114fe68d06dff3f834dd6b1cf0e3b7b50be9553f90785368af6a20f856c4cbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
f34c9e444b26dd363533560e3ec3d372

SHA1
80831f42e827d4a3dbe94c08e9bacb0489e9e294

SHA256
b9c944f4fff155f56b1688a7410c60766f8ff77c87a9b3483ed367621ed9149f

SHA512
034ec443ebf9066c17f582052166f63d94974b6bae57a6d93ff3b4dc47cf98a6571f25def82297acfdaca3431ff80857cb947b82ef6b214ab62ae4a04bb547a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2964_845189534\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2964_845189534\dafad2f0-d68c-4274-b031-5f6e769d4475.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
7.2MB

MD5
a1c0810b143c7d1197657b43f600ba6b

SHA1
b4aa66f5cdd4efc83d0478022d4454084d4bab1d

SHA256
30f233f41ec825806609fb60d87c8cb92a512b10f7e91cdbb4bf32cee18217ae

SHA512
8f45702da43526c04b957f571450a2b53f122b840fa6118a446972bc824c8ee7acd6e197177b54236ce7f428fb73a7cbe4ed18d643c625c9f156463d51ee038a

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\MSIDAFE.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIDB2F.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIEB9C.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/2624-56-0x00007FF9E0870000-0x00007FF9E1332000-memory.dmp

Filesize
10.8MB

Download
memory/2624-0-0x00007FF9E0873000-0x00007FF9E0875000-memory.dmp

Filesize
8KB

Download
memory/2624-2847-0x0000021FA0E40000-0x0000021FA0E4A000-memory.dmp

Filesize
40KB

Download
memory/2624-5-0x00007FF9E0873000-0x00007FF9E0875000-memory.dmp

Filesize
8KB

Download
memory/2624-4-0x0000021F885E0000-0x0000021F88602000-memory.dmp

Filesize
136KB

Download
memory/2624-2-0x00007FF9E0870000-0x00007FF9E1332000-memory.dmp

Filesize
10.8MB

Download
memory/2624-1-0x0000021F86810000-0x0000021F868DE000-memory.dmp

Filesize
824KB

Download