d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae

max time kernel
380s
max time network
373s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
01/03/2025, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118.pdf
Size

93KB
MD5

fcd1cdfe358c3b7c95e10cf72dbf727f
SHA1

7c5c487471db6b1702085fd880a931a819baa264
SHA256

d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae
SHA512

30ca7a429aa4b1b3a877c6b8b83e3f957c2cb5a7a06d2ad63e0be5e85ade27f0d3255d8c0c671150013c01546369052882f5db77997f3980148a8b7a3a47caa6
SSDEEP

1536:UHedaEV1N3QjlwBgiZDASIKwJJYut9OLod6/d3Vb4fcXwWx+7oRW8pO+W/O:Kedai/3ywBgirIBL1qd3VbrXp+7ow+D

Score

8^/10

defense_evasion discovery trojan

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
144	2592	chrome.exe

Executes dropped EXE 3 IoCs

pid	Process
2216	RobloxPlayerInstaller.exe
4048	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe

Loads dropped DLL 2 IoCs

pid	Process
4048	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
59	raw.githubusercontent.com
60	raw.githubusercontent.com
62	raw.githubusercontent.com
159	raw.githubusercontent.com
186	raw.githubusercontent.com

Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs

pid	Process
4048	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 36 IoCs

pid	Process
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
4048	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\localizationTargetSpanish.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\AnimationEditor\button_hierarchy_closed.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\PerformanceStats\TargetFiller.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\CompositorDebugger\clip.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaChat\icons\ic-more.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\configs\PerformanceConfigs\rofiler.js	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Emotes\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\PlayerList\AvatarBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-online-8x8.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Settings\MenuBarAssets\MenuSelection.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\dialog_white.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\AvatarCompatibilityPreviewer\test.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Controls\XboxController\ButtonLT.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\DeveloperFramework\checkbox_unchecked_hover_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\RobloxCrashHandler.exe	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\StudioSharedUI\ScrollBarBottom.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Settings\Slider\BarRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Controls\DesignSystem\Thumbstick1Vertical.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Settings\LeaveGame\playernumber_strokeStyle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\models\AssetImporter\previewMesh.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\VR\hamburger.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\GameSettings\ToolbarIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\models\MaterialManager\smooth_sphere.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\MenuBar\icon_minimize.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\PurchasePrompt\RightButtonDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\AvatarEditorImages\Sliders\gr-slide-bar-empty.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Menu\buttonActive.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Settings\Players\FriendIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Settings\Radial\EmptyBottomRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Settings\Radial\EmptyTop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaApp\category\ic-top rated.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\sounds\action_falling.mp3	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\chatBubble_blue_notify_bkg.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-instudio_6x6.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\AnimationEditor\image_keyframe_bounce_unselected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\TerrainTools\import_toggleOn_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\TerrainTools\mtrl_water.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\MenuBar\arrow_right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\fonts\GothamSSm-Medium.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\avatar\compositing\CompositExtraSlot0.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\HingeCursor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ManageCollaborators\arrowDown_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ControlsEmulator\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\ui\Controls\backspace.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\sky\sun.jpg	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\content\textures\grid4.png	RobloxPlayerInstaller.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133853169186230332"	chrome.exe

Modifies registry class 37 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-67acd0f240534e7b\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-67acd0f240534e7b\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-67acd0f240534e7b\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-788254424be94b4c"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-67acd0f240534e7b\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-67acd0f240534e7b"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-67acd0f240534e7b"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Xeno-v1.1.4-x64.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
2476	chrome.exe
2476	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
1976	Xeno.exe
1976	Xeno.exe
1976	Xeno.exe
1976	Xeno.exe
1976	Xeno.exe
1976	Xeno.exe
5044	Xeno.exe
5044	Xeno.exe
5044	Xeno.exe
5044	Xeno.exe
5044	Xeno.exe
5044	Xeno.exe
236	Xeno.exe
236	Xeno.exe
236	Xeno.exe
236	Xeno.exe
236	Xeno.exe
236	Xeno.exe
4048	RobloxPlayerBeta.exe
3820	Xeno.exe
3820	Xeno.exe
3820	Xeno.exe
3820	Xeno.exe
3820	Xeno.exe
3820	Xeno.exe
1044	RobloxPlayerBeta.exe
1584	Xeno.exe
1584	Xeno.exe
1584	Xeno.exe
1584	Xeno.exe
1584	Xeno.exe
1584	Xeno.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
3464	AcroRd32.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
3464	AcroRd32.exe
2024	OpenWith.exe
3376	MiniSearchHost.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4048	RobloxPlayerBeta.exe
1044	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 5104	2476	chrome.exe	85
PID 2476 wrote to memory of 5104	2476	chrome.exe	85
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 3212	2476	chrome.exe	86
PID 2476 wrote to memory of 2592	2476	chrome.exe	87
PID 2476 wrote to memory of 2592	2476	chrome.exe	87
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88
PID 2476 wrote to memory of 1584	2476	chrome.exe	88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacb94cc40,0x7ffacb94cc4c,0x7ffacb94cc58
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1720,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4644,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5032,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5196,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3456,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4160 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4784,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5240,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4372,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3424,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5452,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3452,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4428 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1108,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3640,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5688,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3300,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4780,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5800,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5872,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5824,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4412,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4456,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=3680,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6132,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5976,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5424,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5868,i,8556680793482422880,5284532377258416789,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2392
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2216
- - C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 2216
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:4048

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2012

C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1976

C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044

C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3820

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:552

C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1044

C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1584

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.4MB

MD5
1145171f03c5796e1e7573972625c535

SHA1
2dfb0bab4b86cda7ad09ca1ab13ed95fcec43212

SHA256
b89e6d19bb6334a1cbdffafe7081570a35ff94670768b7bb47a3cb80dded469b

SHA512
aa0066c0f9df3b78e122de71d57fac58f0cf4961ea4b3ce803f5e9ccf0bdf9a08ae19ed7eecc9158ef6a370845f84b7bcf967b473de40572f332e8f7525cfb63

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-67acd0f240534e7b\RobloxPlayerBeta.dll

Filesize
14.5MB

MD5
5547db0332d5ea03f99a6d86a242c8c8

SHA1
eb539ffdeb898d3732873110b0411498750f68d8

SHA256
ae71840949603aca6719a460135d139aed345c5cfe0c9e45675de447b25312a6

SHA512
49b22fd8e9dd1340e31c8f6d67f437ddbe1800c4db46200a0285c73bd1a65dd6deb5ae1aa66fe494651094c99f1c4656ed8f3762f4bbcf34cc35096ac3cde402

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f9c67a81a4141585ca42852011e82120

SHA1
359b8000de86a16d694017543e622215b5c62dd7

SHA256
cf6a2800afead46b97f6006172b1383ac801d4526e42605c60f35963f0754577

SHA512
452518cabda9997da8c3f69e90e01f6b9296160daeafc5a84daea30e4c19b7a8f56c9a22351dff99351d227d5f1f8fee27c3a136529bb49e4fdb2be19807b21c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
62KB

MD5
c2d4acd7ee873ee1205bce41e8e87425

SHA1
777d7445531fbce233b7f98ee8a9e1b5f0a0b40b

SHA256
b3dff040c07baed919076a8f1866d4f1647123d3296108aaaaf1be3150238949

SHA512
abb489034c79da3095286482b7ca75ad809a62c2380c50212c69680fca0646b6ef361196a51eef3f75880a525053d3edf2dbbb136687cedbd469d6442fe36880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
105KB

MD5
da7fcae4308766368611b35916374158

SHA1
05a209260fd46aa423fc8dc987f4b1730efd82af

SHA256
6caaf6eb26118dd3e9fec44d6c8aa9158817d6599a15dc4d8329aac4bc9dad19

SHA512
c4d3c326b530f2f8fbc2367fadd36a3960435c7b00113a211cd001f3d9f4ac08fc58e8f26063869c37f425abcc8a7e68343ed9b96a90471aaf72658555173b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
864655897a5ca5b4e1839e853749266f

SHA1
de20d2eeb77381b615d39b93dc220ecfcd938ed7

SHA256
1d4cff9e0b9a884a8bb570e7f50886440d32a885d8b14eb9063c1c886dd5468e

SHA512
833c846b096a0ecdc242293dd876b2f1f06e6e87e2201fdc98ed71ae5f7f43fbdbbdee66264f209e32e9a0aaca9fa21c67971e0f3a7e937b4f67ab0db4ac098c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
75c3acdd1d8425b4923ec109e4367680

SHA1
f6200aae34e91b536f689f3e8af9c72347d2c34e

SHA256
1db6b038652048838d958434c5b484d38cf9bca63a26c1fe5be5db8fe0909440

SHA512
211b272c87805de892c2b98c7e6807e2c079ee24dbd032197e6a7c06234fe5b16b9c334b02a653aa4037dcb15de441da1caebf7e8ac1e6126e6d369635a35c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a41fc7fafb2b820854f8fcfdea5a3e4c

SHA1
9865026de245f35531a9b55ecee225f9e547e8b3

SHA256
15d8cabcceeb029ad018b6d891bef68e93c8f80e0ce114ce10d013b5fb4831b0

SHA512
885c94ec0fcef79020e183c6aea885fb07149d282486e75d2fbe92f0f6e4817da1a186269ea1985a11a62055d6abc42e6ed8cf7106121f22b399533d2a264468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
1f13fbedfc5753161ebd3c1b43bf3768

SHA1
fc2a5212c512741250398183b94f1e43d414aa08

SHA256
2137379257e07fd5f3847461f8adae87975797bb5667b2305c09fe4bc00ae806

SHA512
2b66c46a73d78c07c0299743f9a6097c5dc300a39564ef32a25e2a9f2d7adb9aeb046c44b759e9a5f57a9417b782e355d1bb063fe3dcece99cf8df8d37d5909a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
09a24de812e8c53383de6042f2f894ef

SHA1
aa2fede114db37a59c5c3055db36772839a696f5

SHA256
ffedf70e9ad18c706555cfecf7f370db4de4ac92378d5aa8d8570134f331312f

SHA512
5160e4aeeef78975c92db68fc4e30ceef0ee0e90f5cb76ee5e21ba782b13d84573956527bbc9434ff4790cf37dae40d57afc14593743290b0efc74c3401d74b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
a717dc10a1783c6fc03df1b48ffba409

SHA1
618264a8625bfeb9bc91b72de639e599d9ba859a

SHA256
8f1c20f8ce919fc9ff8f648be153955cae66650f0927d1e385ed97b74b4816a5

SHA512
e7628eb6b0133d9c136db7d08ddf2e7f3f97519052d6b1bd6c7993c3200854c7df404f9b7bf3116a81801ed8b6abcb7c89faac9e36d211190167af37cd58f810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
1424e3a92bf3f62939c42962b0a389c2

SHA1
863985a61bf91289deda497f361e893deb9a4474

SHA256
e180aef8b8b0a713592867e8bfd52ab0a0c8eb104818c741811df6a552888776

SHA512
24675b184c7ab5f9e777b0d8a04ac29c9839452647c5c07b4809bccd7823f3a005a72341df44253e9da5526b25613c29c642815084cc3dda730ed00191c7c80b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f263d23d916a06d1b890c1059ea83e1f

SHA1
412f7322e6e83832e460708bdd1c7b68054390a9

SHA256
2fe5339d6c92ab89765e130f6ca4cfa3ba0e33c432be4a12bd0431ac2e4f46fa

SHA512
1b202501c060d4e0361bc583eda7e0d3d4e9e60b1b33d5e9e5142f072e5a87ce555c97898ff7028c5da92663bdceb90a4f97fded4324ed510de802f8153d87ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b8b3c1b664a7931446c4568a906e3a27

SHA1
4141e9d295b1c297a016815ade8dc8b1dee9e931

SHA256
c26747de3567660dfeba7c0b134488286d69ce664873f254b234349190b1b634

SHA512
91b770ba05ddb4bda9d23d60641f2523c359d9db869b564a60de7138ffa350eed938dda6c807b28c7fb04c2f2aba1c5bc6b67b92df6c555632a3029fd02dae29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d7c76d5f3e20bc503b316ed315adc512

SHA1
9913b99edd99bad1375913c8a92513fc68924f92

SHA256
7791a1b452e4b142313f185aefa20fc071234e8aa02a5531d92e184fd54fca09

SHA512
0f50e71c23600aadaeadfb87f985ee01872bfc0ebeaac1ab91eb7fd149513d1f2fbe4568918bd65d48ba8f20eb09559ed319a3e2b19efa724cd227c71f59e1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
06e98ef8099200e92e2b004b7adf8359

SHA1
32e209a07831577fe1667d4d1ca3be16cba8a359

SHA256
38be982faf5ef43cfe28bbdf41a5d28b4373dc585a79ece81debad878e4c59ff

SHA512
8fa1b928110a9239c0099bd7aff445567dc1073b24c72d8269d83ce7b4db4f14b4992df866df7914e7afde4651c730a5e3d1a1280bc9b02d00784132800d7a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
52daeb5aa30188b817bbc7b5ffd52661

SHA1
5b6c31d111fedf32d54a07ef27edba08e0328f74

SHA256
57d3577ef7924e8bdf8f93ec7742fbdf6e79166a2b6728276add495796d6e109

SHA512
64bffd09806242626a29a5fe254fd88d1631b24cfb0c61b9ea1182719803c4d2d4e5db73ff8d8456a74bad786bc810e0153ef9da5a11ea716905a67ef95e67fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
312fb212c0a92368a2e53cfb3a69e9ba

SHA1
5ebc73c00f9d078503819bcbd96475d670eb1af1

SHA256
9fd393beee700fabcacb0a0bf566c6dbd346dc0bf3a4814a83c243b107bcb61f

SHA512
be6bb34bae9172cd945954cb0e0adc50ccdcde6564301d9ea8f048d473f358fefbc442d1df909e01846477dc9cde7b7f8c84ca20eebdf75d5ee968c46bac0d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2f5def6e18d4b29231721602dbd8509d

SHA1
05b8cc7028915d85fbaff07fd917fad1b9630b72

SHA256
10889ca26643f4a8d5a753d515c6e08a7edb03dce573356f47331abe453dce73

SHA512
61e5ea93b6e79071181ba466c5f2cb384c99d564d39885942963990fda3d2ffb9daac96a1971a9275e0886b885fb150c14e2260cecedf753a2f898f23358e9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5aebaf8782bfa50440a85e4bb9d1e2e

SHA1
f4c7b33cd145498f5df4d484ac233488fe3bb603

SHA256
42de329ad4a1fb981350885ffe2b0d4e77bf07bfda3c14fc6ec8930e659c3b3a

SHA512
7dff646801a57215c5b3af40d6d6f21a0e59bd142f31a1241cda429cf2883a242417ecce1f59d1b5f61413e2585f4ce3ea771929144adc1bb791f288c10a9248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d08485a4-7f79-4227-9956-02e793466c78.tmp

Filesize
3KB

MD5
14747a8b134e6415560c62438ac5e9cf

SHA1
fcda6eb72c385413cb3681e8180a68f344e45a8c

SHA256
e15e0f5028a6243498006052a6899985aec9b6f25bc8194af95cd7720eabe6bc

SHA512
4c4b689d415fb547647102e64c25e607b07cddc705629878266796e447b956863d39639f43af53fd46a3c1577c9c7e9c3872af3620be296f2eb10b51932deb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da29c61c1865c40850a0ef8646a0ff64

SHA1
f794c29def2a5ef840564b38575a9b39c3fcbbba

SHA256
74f84609cbf8e429554bb638c507d8aa9be2d11ce47e4e1d1c2503591e9da9a1

SHA512
6b1d465ec55489fc004d9d671e79ecdd2fbaf723dca8c756e60d0d9a18f1502389ff3bb5b198ca708f21344ddc3502b437ebdec151f6a70c7b26c00e4e26afac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e322f4b6b02e4d58c4ec69014414204

SHA1
c7eb71fcfdb528dcf04ad6d0f4bc575b2051fb95

SHA256
7c278c4655061ed48d41a2da932dc74856ffeb9ba3c7debafa2399fdccdac0e1

SHA512
6e7df18bc8d0e668043c2094286de2124f82d7b1fbd0f6198daaa564141033c8331f7662b300cf0c6be01079508fdc81e9afd4fcbf45b4698243139b7bfb73ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b78ecea67ab878bf3d53407f3d3b6e3

SHA1
e6bce19f2712468c0cde25d574f7aecc7e9fc68f

SHA256
e8305028012bd541aaaf68684da5bd223612328aa62b1455c9dfaf3aa0a98b97

SHA512
6c19c2ba679906e865befc9303880dba07117a52f7ed64cb9ba32abece4e797dbf970a42da1914160d1d46002f21f89747242ca63f33adb850ea5de7fcaf6463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b132fda0b30f695a120df84df4896fc

SHA1
e5b16834bb2f307f203318886eeec2a6c6386c6b

SHA256
82fd79fce5b0c32956154d2592365f8db7adb645dc4d97c05564b2c59f55118b

SHA512
edba48bd064d4bc876c0e9c5e734a33c326a7a6000b53b831c3c6d35b0847e4824f89b1a217d83ba68118fca19b79ac636d43e222915d6a541ffd766c749a842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
304ce073a475e97cde0f6fbf1e329ff3

SHA1
86998a3e7ae6d20ef27c4176ceb817b925f2bc53

SHA256
ee7a2365bfbcdd97f786b21739400d1098d483c743bf8bcc16c08cc7ae7aa1ca

SHA512
5442f8eaf8b0e6df13abf32cdeebec3f09b67309b4bd42e40e277f1b0dbc5a9bc71441eed20a36ab0f2ed0b28c4a59e4c9462732eff4a30974d8a355d21faffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
459ab4b05269af64a6f7ed95735354db

SHA1
c01e04a94e5e4ce29a0be4c9fa9add3504148d54

SHA256
5b2d8b73e7c335b996d7dc0796e6f0b20ce130f2c02045005e083a0cfc2eb905

SHA512
ed57de8d03eb6708ecad464fbd1e474e9cfe5c8cb1fe01c7faa2feb040783c533ca9da132f935e9c0c08c76ff3576a1d1e14647598e9a734421b1698fd423eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d6ed113821324409c12d9537d40f44e

SHA1
4015f039c99abe0e35f878730bc6d3311805c177

SHA256
33768cc2cb93c6d762ea516b9057364e5b887c15fe72117f7091586187be2eef

SHA512
c12c8e048c479d1e730951aed3a93645580722afdbd6a3e7add85a119251305e8ae0430d25eb1d1ce368dd083b9833afe71b1f07a9842d012b81b82678a74738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8dfa1453a58db13525ebab0c3483f0b

SHA1
e1396220765814e7e05f02b30c48d4bc2bfde4de

SHA256
cb53d545b425ed96dc710a54cc00ae369dc1369e0fd1b4091f4bfb3044c9c58b

SHA512
8effa80f18f959f39da189fe9105b05ab51d9e2960fb89a1ca2ec10797a2de1321829b96f5b9660bd24c46bfbbb2cbe71250e923d0ddd532c60d320781e607be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
031d73d1ee090ba8dbd2692935cc2cb9

SHA1
cae9a395f20406de7b42ff6e2e96df2b2993bfe5

SHA256
a1aaf535049548e2ede8e8ae4a0247152d87a7c8a8b3bee78967bb058cfec810

SHA512
2ce33b269a7651496d8a001fa380b3db6c1cd1422bece8f7c6d0a7d9dd1b9e83620bc5361d92cc7f289b0f6fb3b0594fc43f2b78294d48e399f2cfe7e4592308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b7ac23f308724a75624cdf0144b19fb6

SHA1
c9fec01dea7317226686c9ca6e1e314dee1a0f32

SHA256
d8cdf678616fca4688260d9879d0468672f73962a8e9e3e60627ebd8e9a4ecff

SHA512
3685d7312ec0c07e639b8885f7fc716ac7544c50ea593ba9e4cd9c38c05e8a93cddbd90ff1bf8695dac2cc0057554f3bf5ff5b7ca9227613c1c9303a5ab9150b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
958b8603d3ce9dc8ca8d3ecac1955b77

SHA1
19c63f027e66bc7a2688e4898a2f4d48eae82272

SHA256
67dc14ae56c1d02ae806ab2f31bc628de3f9f2d118aec9501acbc75a1afb0ffa

SHA512
36598ff838d264f3fda35e9a36e0916c3e371bed82ea82c19596ca77b15c6623f5e76d00027fa41899af74c7cb5717768f7864751bd603d108459dfff73bee52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05880e1e8bb59bfc3488ee1695d7503f

SHA1
c56424e24af816b5745f68fa294b6aedc5b42839

SHA256
966af4aec948b1365d858c7f784d35bae10e6b9a8b5af55adaee2cec024728a4

SHA512
b8f4da6465a57675237e66344f31defc1ab64ec34cff55b2821c9a553c08ff936765fb44e13e19142be35edb2dada7b5040d1b6129e3f3341042c32b5b9313b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1e44e4306744af46678a9d7979773346

SHA1
85f58f428b2bf9630cd64d00eb727f052baef334

SHA256
c4a8fbcb34be4eaab5c62dd9ec44c81ec56d6ad7d0786552fd9e569f93e3b1f7

SHA512
532831594e379a7a1c8ffda97385ad24ca4b77c3ea4665041bc24117587e8fd4c50af22d981e5440301b53ea0281d5254c9f60be18c4bb955a448cd670e961b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa05367216a3df9f8c00c00335b49864

SHA1
942d316ed307c22dd2aaffc5a3f9f0fcb58def74

SHA256
87ae43cf877bebad97ea593ba17975387e4e51f5ca8f987d0a7437a7c38c1a7f

SHA512
a469d205fc771dbd1a50c486156753be1551b71dbc806a0873201fc35d39a5cd3254378b6eb5f52f6cddfb8894e7a7e7c4724ecd370656f0d9fcda91dba24b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8aef6bbef240ad06a68fe670fc154340

SHA1
918106a712fb31fc6e8cbf4f2883f23c9566688d

SHA256
62f5a8f73ff3b93d9036d194b0d0f3063e997c89f9e6ec89050f5727f7ff74e4

SHA512
2e2ce31ec727c9acaa4a5c40ac3a60115b603f319d69a07d50c738d872b9332e1c2656df03926215d000bff606e4e1cbce5364e06c0bd98a885ca77ff4b5f387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f6e36d8524b5c6e22a02215decf54f3

SHA1
c383a402cc466556b3a74391f49ca02da90af7cd

SHA256
bd0b56ff9c13007073c1a13d30919f2ed4e2f9408369d715cc1758690d1ae613

SHA512
33b73d79c8f60ab3adb84e7e0601da90108c8a02cd031a72285b17d3a5dcb58748f7aa99aa4be53ce0d0dfd05a88604c56f3aa55f896994eccc73a8979463aa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d875729fc20f7cc274e058a72c6dbe53

SHA1
3ccf3abc81b2ff096c31f529bd7c7869dc2ffa15

SHA256
1f9af74e362b2ae556cbc32cbaf445559c7c44a1939b652d9f4c615ead1dd18f

SHA512
bcebb211f4153eff5fdcbe93a770a9adddac46ea094f2c272a4e8750055615ea81447c6f015c19518a8ec72ad22b315bb52b83159dc1426d8f3054f5a78306d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab02bace2e84570f490c5f7c2ae7606e

SHA1
f83273470a08213a9f392f3f6e38dd05d29292b1

SHA256
ccdae34165b88164e78647e5f84375301e1276bb0e2ee93ddb2a29f693bd882a

SHA512
daeb4b17d5de1cf93377b65e74d7b58504974db088a6245b22da78364f758c4d584bec2411eedb263b059430a80f2663c5d0f96a02f73e67ace9f1172a8d7f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\1\CacheStorage\index.txt

Filesize
76B

MD5
e380103e1f6fed63b666b646881db5eb

SHA1
ac18d4187b12a82597b6739e106e858ab387d691

SHA256
915d66a2348d8e45afd0114a3c6cdff71c30241ca2f0905690cb75ef5e2161b8

SHA512
b3d6065c6b6a1f935715c42bc1cbe056700b47859b9c295867d4a27acb32f2d9e8790a416856c1ea79dcb70e9b453a152418cbc8c952c92b34990e7c64812d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\1\CacheStorage\index.txt~RFe5b275b.TMP

Filesize
140B

MD5
daf5d68e993c8fb9c981658be915c332

SHA1
9e8b1f132f3633afb6223b37c2d3a94cb841cf9f

SHA256
f20838317c13c6e44cf556f41d884bc80c79abe2829229d9dd744629489bda84

SHA512
b11d6c07a830bad3cc53ec6003c7bee41b52d79c22a1cf2ce2c72b991a37c7448c1ea62f7c5969263943b396791a8b505f299e76e5c388a7f019b9f9473854b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
f65bf83597c5e868944363e75548bbfb

SHA1
8495596a8c9f7ea1d56978d82a8c699ca88b4db3

SHA256
85affa813f8631fa7feede5e901e666c46e71babe6c5bb9c068807f5313f2621

SHA512
c637bd73ee6cea6c979d659235fba182da5cabc27f016cb6ae228bfec16b05fcdbbe9c252cf996c543989a429ec99d99e90f30ad19f8fdd83b692aa0195a9ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
9d9ac833f704f2060f278b14e3e32c63

SHA1
9c92fe8dbc78e7d5b743c75311ffb14f878e40eb

SHA256
61cb07f49cad0f8494a6374a961e2f25fc4cb222b6281c0a41a65051583a67aa

SHA512
511d76fea9af9b67a51e05ce0be033d76427c7bd1df3f6f34bc5a80932786bb1fc76fef0ca51d9b7ddd56886e12fef64d48a8d11c6419d15ac750000131e65d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
99e54a70229164210ba6978cb0dd4c87

SHA1
90a7cf8e6ed5c3f3bd7ef464fad5fa35ba1111aa

SHA256
b6b17c20d9c1b0c6bd6e9db0847ec7e75c37f9a3f496978c7e41a6236ddb7f06

SHA512
9597cac1e2a63ac23a058e246a9026cf06696908a6e0f8c958fd51caabd76111011085487e054580766e98ec7ca101ed83ec44f0f77d7567051276fcb683cbc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
8e826bbb4841c0d9caf63f13c3b7c946

SHA1
b2605de864ee501f1ea2ebd3643997a27e5d2d62

SHA256
91a7966e34dc4227e5be91298fa2045b94f30e4f0f1aad047a4d2f2410a6711f

SHA512
8fe9f9607f7a17632178c99df1a8c845ca6b8badcd7e76b78478e2c8e7b0a115f9ee37e5ea4b53984e6ccfe8222a3e8003e8e7f58ae62f7143a19bd962108221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
a2057599d20c0817222260bff34bf1eb

SHA1
331fb1c962890438da622de61e9c64d35963807e

SHA256
34e76ab9cfa487feb102a2fa6d60842404d1d75bc5d0e2a749b7fd80db5ad7b2

SHA512
3b612b15f7247a056c86678f191c222b18df0aee29a0a656dba65cf8e8da202bae2fcdb3114ccfa3364ba1d0f68f83e5817d03b83b92e1d8fa425c14deb5d735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
93d03b5569aefbc2e72e1daff864cd29

SHA1
f598f1863f63759217117308c4891cd7e5038ce0

SHA256
52893d70d0814ffbe3686c910b36354fb9e3af3d7f51c4fcac9cc18f74f33812

SHA512
05b9682f748c971aac8a0a6f293d7560311be0e5f59234f34f7047f597ec47627ad806b0d7ae31e65dbae218933f7961fd625bc7e8bc95f7fc084ab5bae36ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
c5c6a1efb97401d50d1adc8472d2d6af

SHA1
73a8be668d0cb0c2ce32f6cb795f7b8e9ab82f31

SHA256
e120df0373432a9ee1acd3a75580798bd5dfe7974cbfdc2e1a016d92cb8fc46c

SHA512
c198904475165846f277042e000b8813c940e6af3dfb8ce839264cc3cf576de4a08dafb8c69130c2e251d5bae4bc928e367e49b976378504f37e5e2386ad80a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
565a06021ba854fa6bca7783af0075aa

SHA1
53c4b1ac7a705b7bd1b2ee659117eb4469d7670b

SHA256
2c29048662fecdf8b09b8bb6f65b274214cef528a0d039fc4ed6d7d2459ce49e

SHA512
3c38a45ea8e43ab7b8bac7060fb2d17b3af08d6af4ab5f5abd53418d3117bfd267567752d16da0e0e7af726f520ff81c96008066d389679987551157442a1d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
296KB

MD5
bfda5b94afdd5c4dea4b998d1f36e59d

SHA1
d24ad24ef2b888f5bf98b3403ef451457419ca28

SHA256
b8afc9828799cf812788632f42a4c7d210d5db58afacfa2b63d8d1088ac2affd

SHA512
b52243119a521832e9481971524aa9df3df2dcf2bd7ae94ffdf8ea554962e1f52437dda3165c63104947dac5e95e4c62959cda8dff6412325c71421a57bbecfe

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\47ecf97f-4c05-4cac-8d9d-25f55debbf5b.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
a91f18bf627c9f9e79ce6f06e210cc3c

SHA1
ead30f65034bfb0fc3353f7e18220d813fed1188

SHA256
be1e2c23c96ca607ccd50a58ebc5811e7656c782bd4c4758f5dc5431e528810d

SHA512
8391e8e789b17893195f0c985e0abc7a34ff0b8007fe14c51bdf87abdb7829813a218223bf3c362e7409f7f7b3ae5ce630d8a64d460471b6b7ebf84db4ba5ec5

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
6d752f84e5d053c771c851095d3b9fed

SHA1
cd276904def5c61e39e1acaed2b7a139f9d49273

SHA256
d0cb1182e22ccdebbbbd7ee38279d4ee99058a99fbee95b0fdb11280905b90c2

SHA512
e426918e44317a6732ecf602b42ab44036037b8842c1aacc2b915bce55c80b7a09ce50a294151b6fd58569e6d516b5465da7fca3cec1b6a6cebf41084bf60c28

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\5113023b587b0781d0bfa6b0b72f34a3

Filesize
7.5MB

MD5
5113023b587b0781d0bfa6b0b72f34a3

SHA1
aef761626ed913269baf65de5569544b03b7c7dd

SHA256
626526921bdd420fbfda26b901b0889b21bf6ddcfdaf5f38b740f773e7d89cdd

SHA512
383a5d5ca29fa6fb95ab97ddb469cd4e76cc0ccfe4a71c887957a542c7a54039fc9aa90801232090b47c099f70ae2490e5a755b7504b7e67fa7f94323dbe3694

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
68b1fa9620e2a75e33ed3b962d1349d8

SHA1
a471c755fa76f7bb492d5e61a593a52ee868c41b

SHA256
ef5d9e07f4079fdd336116d47d1a54c2d15a6aed3a57ab21c5a0859c78665465

SHA512
a7d12855c3b674ddaece6ddecf817ba5d22f1e1b0ab8f0621ecfa088ee3ef214c158687b1b75352b7e235eeafb6934b23c797291f5043ebf3026bf5c5db8f8b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
2f6dd8323e1e82add39973cc56f652f2

SHA1
b7b324449112a3dfe76e778c4210d810f20871ce

SHA256
f673a2ecf5048ff49531f0acc750bad94be8ba0980637979d5a804782202169c

SHA512
57471ab7443c8fc3fced504ab88477be8881cee2dbcfa9a6612f13f6ed952c4d4733b4cd7c82ce7c365dac59d2918ab8a1a117d3ce30b8feb75dbd2494b2823f

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
7.4MB

MD5
443df84258f3cc21efb5ad185ed2fe4f

SHA1
22dc3b0c04ff55dca5a93856a1ff30cea6e5e7e8

SHA256
b982252fef5780ca193d07fb2754f721ef7869c2d583a09217b8d3c1e6d2ef49

SHA512
1e82a58c1ea297f761d4e1f85f45d16aa91d71bddc9df539c5e19e04f714f19353258337d6640b3c9bc51a77ed4fc2bffd0aa40102ec69eb30b01af859c5a1e0

Download Submit
C:\Users\Admin\Downloads\Xeno-v1.1.4-x64.zip.crdownload

Filesize
4.5MB

MD5
b9cdb732b1e4ec5afebb7915616984df

SHA1
6de685f29e3c665aa863a40a85c2742f4c748b23

SHA256
bf58f9a6d18ab45df57f517cef3c338628122be7663252f37c72add00de0619f

SHA512
0cb9b5a4b570237c03cef81f3669344b13785ff973a234ab1d65c2f259cb650b03ddea1884d8679b72fbb79b916f6acf481eb059746c5cf1ae0341b3c4c82865

Download Submit
C:\Users\Admin\Downloads\Xeno-v1.1.4-x64.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\bin\settings.json

Filesize
160B

MD5
a64b02c0f0cb0b32089d30f70895a569

SHA1
8e602efa81ad229051a980290895a476e68f71df

SHA256
40a5de67445ebb897c8f895f4c8e515964ba06cde4080847642749490bde0581

SHA512
5506899b6442ebe3a8af9a4fb9a452adbd0075c99ac803336bd7bc3e8c2d4d5641ff9d6aba27340e1fff1c2fffbd4d16abaa6ffec5a8baff32c834acb9cc03fe

Download Submit
memory/4048-1525-0x00007FFAD9E30000-0x00007FFAD9E50000-memory.dmp

Filesize
128KB

Download
memory/4048-1536-0x00007FFAD8B20000-0x00007FFAD8B30000-memory.dmp

Filesize
64KB

Download
memory/4048-1570-0x00007FFAD8BA0000-0x00007FFAD8BC7000-memory.dmp

Filesize
156KB

Download
memory/4048-1569-0x00007FFAD8BA0000-0x00007FFAD8BC7000-memory.dmp

Filesize
156KB

Download
memory/4048-1568-0x00007FFAD8BA0000-0x00007FFAD8BC7000-memory.dmp

Filesize
156KB

Download
memory/4048-1567-0x00007FFAD8BA0000-0x00007FFAD8BC7000-memory.dmp

Filesize
156KB

Download
memory/4048-1566-0x00007FFAD8BA0000-0x00007FFAD8BC7000-memory.dmp

Filesize
156KB

Download
memory/4048-1565-0x00007FFAD8BA0000-0x00007FFAD8BC7000-memory.dmp

Filesize
156KB

Download
memory/4048-1564-0x00007FFAD8B60000-0x00007FFAD8B70000-memory.dmp

Filesize
64KB

Download
memory/4048-1563-0x00007FFAD8B60000-0x00007FFAD8B70000-memory.dmp

Filesize
64KB

Download
memory/4048-1562-0x00007FFAD87B0000-0x00007FFAD87D0000-memory.dmp

Filesize
128KB

Download
memory/4048-1561-0x00007FFAD87B0000-0x00007FFAD87D0000-memory.dmp

Filesize
128KB

Download
memory/4048-1560-0x00007FFAD87B0000-0x00007FFAD87D0000-memory.dmp

Filesize
128KB

Download
memory/4048-1559-0x00007FFAD87B0000-0x00007FFAD87D0000-memory.dmp

Filesize
128KB

Download
memory/4048-1558-0x00007FFAD87B0000-0x00007FFAD87D0000-memory.dmp

Filesize
128KB

Download
memory/4048-1557-0x00007FFAD8780000-0x00007FFAD8790000-memory.dmp

Filesize
64KB

Download
memory/4048-1556-0x00007FFAD8780000-0x00007FFAD8790000-memory.dmp

Filesize
64KB

Download
memory/4048-1555-0x00007FFAD8670000-0x00007FFAD8680000-memory.dmp

Filesize
64KB

Download
memory/4048-1554-0x00007FFAD8670000-0x00007FFAD8680000-memory.dmp

Filesize
64KB

Download
memory/4048-1553-0x00007FFADA790000-0x00007FFADA799000-memory.dmp

Filesize
36KB

Download
memory/4048-1552-0x00007FFADA790000-0x00007FFADA799000-memory.dmp

Filesize
36KB

Download
memory/4048-1551-0x00007FFADA790000-0x00007FFADA799000-memory.dmp

Filesize
36KB

Download
memory/4048-1550-0x00007FFADA790000-0x00007FFADA799000-memory.dmp

Filesize
36KB

Download
memory/4048-1549-0x00007FFADA790000-0x00007FFADA799000-memory.dmp

Filesize
36KB

Download
memory/4048-1548-0x00007FFADA770000-0x00007FFADA780000-memory.dmp

Filesize
64KB

Download
memory/4048-1547-0x00007FFADA770000-0x00007FFADA780000-memory.dmp

Filesize
64KB

Download
memory/4048-1546-0x00007FFADA770000-0x00007FFADA780000-memory.dmp

Filesize
64KB

Download
memory/4048-1545-0x00007FFAD90D0000-0x00007FFAD90DD000-memory.dmp

Filesize
52KB

Download
memory/4048-1544-0x00007FFAD90D0000-0x00007FFAD90DD000-memory.dmp

Filesize
52KB

Download
memory/4048-1543-0x00007FFAD90D0000-0x00007FFAD90DD000-memory.dmp

Filesize
52KB

Download
memory/4048-1542-0x00007FFAD90D0000-0x00007FFAD90DD000-memory.dmp

Filesize
52KB

Download
memory/4048-1541-0x00007FFAD90D0000-0x00007FFAD90DD000-memory.dmp

Filesize
52KB

Download
memory/4048-1540-0x00007FFAD9090000-0x00007FFAD90A0000-memory.dmp

Filesize
64KB

Download
memory/4048-1539-0x00007FFAD9090000-0x00007FFAD90A0000-memory.dmp

Filesize
64KB

Download
memory/4048-1538-0x00007FFAD9020000-0x00007FFAD9030000-memory.dmp

Filesize
64KB

Download
memory/4048-1537-0x00007FFAD9020000-0x00007FFAD9030000-memory.dmp

Filesize
64KB

Download
memory/4048-1535-0x00007FFAD8B20000-0x00007FFAD8B30000-memory.dmp

Filesize
64KB

Download
memory/4048-1534-0x00007FFAD8B20000-0x00007FFAD8B30000-memory.dmp

Filesize
64KB

Download
memory/4048-1533-0x00007FFAD8B00000-0x00007FFAD8B10000-memory.dmp

Filesize
64KB

Download
memory/4048-1532-0x00007FFAD8B00000-0x00007FFAD8B10000-memory.dmp

Filesize
64KB

Download
memory/4048-1531-0x00007FFAD8B00000-0x00007FFAD8B10000-memory.dmp

Filesize
64KB

Download
memory/4048-1530-0x00007FFAD8950000-0x00007FFAD8960000-memory.dmp

Filesize
64KB

Download
memory/4048-1529-0x00007FFAD8950000-0x00007FFAD8960000-memory.dmp

Filesize
64KB

Download
memory/4048-1528-0x00007FFAD87E0000-0x00007FFAD87F0000-memory.dmp

Filesize
64KB

Download
memory/4048-1527-0x00007FFAD87E0000-0x00007FFAD87F0000-memory.dmp

Filesize
64KB

Download
memory/4048-1523-0x00007FFAD9E30000-0x00007FFAD9E50000-memory.dmp

Filesize
128KB

Download
memory/4048-1522-0x00007FFAD9E30000-0x00007FFAD9E50000-memory.dmp

Filesize
128KB

Download
memory/4048-1521-0x00007FFAD9E30000-0x00007FFAD9E50000-memory.dmp

Filesize
128KB

Download
memory/4048-1520-0x00007FFAD9E10000-0x00007FFAD9E20000-memory.dmp

Filesize
64KB

Download
memory/4048-1519-0x00007FFAD9E10000-0x00007FFAD9E20000-memory.dmp

Filesize
64KB

Download
memory/4048-1518-0x00007FFAD9D80000-0x00007FFAD9D90000-memory.dmp

Filesize
64KB

Download
memory/4048-1516-0x00007FFADB380000-0x00007FFADB389000-memory.dmp

Filesize
36KB

Download
memory/4048-1515-0x00007FFADB2F0000-0x00007FFADB320000-memory.dmp

Filesize
192KB

Download
memory/4048-1517-0x00007FFAD9D80000-0x00007FFAD9D90000-memory.dmp

Filesize
64KB

Download
memory/4048-1514-0x00007FFADB2F0000-0x00007FFADB320000-memory.dmp

Filesize
192KB

Download
memory/4048-1513-0x00007FFADB2F0000-0x00007FFADB320000-memory.dmp

Filesize
192KB

Download
memory/4048-1511-0x00007FFADB2F0000-0x00007FFADB320000-memory.dmp

Filesize
192KB

Download
memory/4048-1510-0x00007FFADB2A0000-0x00007FFADB2B0000-memory.dmp

Filesize
64KB

Download
memory/4048-1509-0x00007FFADB2A0000-0x00007FFADB2B0000-memory.dmp

Filesize
64KB

Download
memory/4048-1508-0x00007FFADB180000-0x00007FFADB190000-memory.dmp

Filesize
64KB

Download
memory/4048-1507-0x00007FFADB180000-0x00007FFADB190000-memory.dmp

Filesize
64KB

Download
memory/4048-1524-0x00007FFAD9E30000-0x00007FFAD9E50000-memory.dmp

Filesize
128KB

Download
memory/4048-1526-0x00007FFAD9F20000-0x00007FFAD9F2C000-memory.dmp

Filesize
48KB

Download
memory/4048-1512-0x00007FFADB2F0000-0x00007FFADB320000-memory.dmp

Filesize
192KB

Download