hxxp://(hxxps://rinku[.]pro/OY8U0zAS

Analysis

max time kernel
559s
max time network
560s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2025, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://(https://rinku.pro/OY8U0zAS

Score

8^/10

microsoft defense_evasion discovery phishing trojan

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
38	4400	chrome.exe

Executes dropped EXE 12 IoCs

pid	Process
1680	jjsploit.exe
4612	RobloxPlayerInstaller-RKJ77XY9JT.exe
5760	RobloxPlayerBeta.exe
4328	RobloxCrashHandler.exe
1636	RobloxPlayerBeta.exe
6912	RobloxCrashHandler.exe
4196	RobloxPlayerBeta.exe
7068	RobloxCrashHandler.exe
6796	RobloxPlayerBeta.exe
6356	RobloxCrashHandler.exe
4588	RobloxPlayerBeta.exe
6924	RobloxCrashHandler.exe

Loads dropped DLL 11 IoCs

pid	Process
6132	MsiExec.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
6796	RobloxPlayerBeta.exe
6796	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	jjsploit.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller-RKJ77XY9JT.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
82	raw.githubusercontent.com
218	raw.githubusercontent.com

Network Service Discovery 1 TTPs 3 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
3868	GameBarPresenceWriter.exe
4872	GameBarPresenceWriter.exe
7120	GameBarPresenceWriter.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
593	4400	chrome.exe
614	4400	chrome.exe

Suspicious use of NtCreateThreadExHideFromDebugger 64 IoCs

pid	Process
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\avatar\heads\headE.mesh	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\fonts\Fondamento-Regular.ttf	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\9SliceEditor\HorizontalDragger.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\StudioSharedUI\scripts.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\account_over13.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\Debugger\Breakpoints\filter.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\DeveloperInspector\Record.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\LayeredClothingEditor\Icon_Preview_Animation.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ViewSelector\bottom_hover_zh_cn.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\api-ms-win-crt-stdio-l1-1-0.dll	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaApp\ExternalSite\guilded.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaApp\icons\ic-favorite.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\TerrainTools\radio_button_frame.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\AvatarEditorImages\Catalog.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\AvatarImporter\button_avatarType.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\TerrainTools\button_pressed.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\TerrainTools\mtrl_glacier_2022.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\VoiceChat\SpeakerDark\Error.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaApp\graphic\GameDetailsBackground\abkg_general.jpg	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaApp\icons\ic-more-inventory.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\fonts\Nunito-Regular.ttf	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ControlsEmulator\Reset_Light.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\TagEditor\huesatgradient.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\InspectMenu\selection_regular.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\NetworkPause\no [email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\avatar\scripts\humanoidAnimatePlayEmote.rbxm	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\AnimationEditor\icon_error.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\TopRoundedRect8px.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Menu\hoverPopupMid.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\VoiceChat\RedSpeakerDark\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\AvatarExperience\AvatarExperienceSkyboxDarkTheme.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\TerrainTools\mtrl_sand.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\fonts\families\HighwayGothic.json	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\AnimationEditor\image_keyframe_elastic_selected.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaChatV2\actions_notificationOff.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\models\ViewSelector\Basic.mesh	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\advClosed-hand-weld.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\RoactStudioWidgets\icon_tick.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\Controls\backspace.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\ui\TopBar\leaderboardOff.png	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller-RKJ77XY9JT.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\content\textures\FlatCursor.png	RobloxPlayerInstaller-RKJ77XY9JT.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-it.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-la.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\adblock_snippet.js	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-es.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\Part-IT	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_1327660918\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-da.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-gl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-uk.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_1327660918\keys.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_359222196\manifest.json	msedgewebview2.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-be.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_917558322\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_1979763855\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\Part-ZH	msedgewebview2.exe
File created	C:\Windows\SystemTemp\~DFF90BAC7905E47515.TMP	msiexec.exe
File created	C:\Windows\Installer\{F5FDF003-9345-4EC9-AA0B-E9D6E46BC669}\ProductIcon	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-sv.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-af.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-or.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-sk.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\Installer\e5aec26.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFDCAF77EEAE3B9FBF.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\Part-NL	msedgewebview2.exe
File created	C:\Windows\Installer\SourceHash{F5FDF003-9345-4EC9-AA0B-E9D6E46BC669}	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_1327660918\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-nl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\Filtering Rules	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\Part-DE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-as.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_917558322\manifest.json	msedgewebview2.exe
File created	C:\Windows\Installer\e5aec26.msi	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-et.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-te.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\~DF0A57374DD2A2BF85.TMP	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller-RKJ77XY9JT.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b0695336ca0b9a370000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b06953360000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b0695336000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db0695336000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b069533600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerBeta.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerBeta.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerBeta.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 16 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe

Modifies data under HKEY_USERS 12 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "4"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "5"	svchost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "3"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874052934667294"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96\MainProgram	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\ProductIcon = "C:\\Windows\\Installer\\{F5FDF003-9345-4EC9-AA0B-E9D6E46BC669}\\ProductIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-bef193a8f3d14d3c\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96\Environment = "MainProgram"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-167299615-4170584903-1843289874-1000\{0A6954AC-CBAD-4707-8E8B-C3DC16259B93}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96\External	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-bef193a8f3d14d3c"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-5a3bb2b86cd2453c"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-bef193a8f3d14d3c\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\MuiCache	GameBar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\ProductName = "jjsploit"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\PackageCode = "8EECE02541805B143A2A3ACDD4621C86"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\Version = "135135233"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-bef193a8f3d14d3c"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-167299615-4170584903-1843289874-1000\{B4BE21C4-825B-47AC-ACD2-6DD54647279D}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-167299615-4170584903-1843289874-1000\{DB93CFE9-8B69-4B9D-9E24-EC41F71C312D}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-bef193a8f3d14d3c\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\PackageName = "jjsploit_8.14.1_x64_en-US.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-167299615-4170584903-1843289874-1000\{AF710C6A-FC70-4146-ADAD-5AA907DE6DC7}	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-RKJ77XY9JT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC\300FDF5F54399CE4AAB09E6D4EB66C96	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller-RKJ77XY9JT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerInstaller-RKJ77XY9JT.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller-RKJ77XY9JT.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
5216	chrome.exe
5216	chrome.exe
5280	msiexec.exe
5280	msiexec.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
2704	msedgewebview2.exe
2704	msedgewebview2.exe
6796	RobloxPlayerBeta.exe
6796	RobloxPlayerBeta.exe
6796	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
1636	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
6796	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
5560	msedgewebview2.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3896	msiexec.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3896	msiexec.exe
1680	jjsploit.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
5392	MiniSearchHost.exe
5760	RobloxPlayerBeta.exe
5760	RobloxPlayerBeta.exe
5020	GameBar.exe
1636	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
6796	RobloxPlayerBeta.exe
6796	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe

Suspicious use of UnmapMainImage 5 IoCs

pid	Process
5760	RobloxPlayerBeta.exe
1636	RobloxPlayerBeta.exe
4196	RobloxPlayerBeta.exe
6796	RobloxPlayerBeta.exe
4588	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 4484	3836	chrome.exe	78
PID 3836 wrote to memory of 4484	3836	chrome.exe	78
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 3300	3836	chrome.exe	79
PID 3836 wrote to memory of 4400	3836	chrome.exe	80
PID 3836 wrote to memory of 4400	3836	chrome.exe	80
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81
PID 3836 wrote to memory of 3632	3836	chrome.exe	81

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://(https://rinku.pro/OY8U0zAS
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80744dcf8,0x7ff80744dd04,0x7ff80744dd10
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1964,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2220,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1432 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  - Detected potential entity reuse from brand MICROSOFT.
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2280,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2484 /prefetch:13
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4204,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4184 /prefetch:9
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4604,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3160,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5280,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5192 /prefetch:14
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4716,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5572,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3408,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5744,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=212 /prefetch:14
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5756,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5808 /prefetch:14
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5764,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4672 /prefetch:14
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5620,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6000,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6056,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6040 /prefetch:12
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6068,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6084 /prefetch:14
  2⤵
  - Modifies registry class
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6180,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6352,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6604,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=968,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4692 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5952,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6272,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5944,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5316,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6984,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6660,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5652,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6932,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6924 /prefetch:14
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6716,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7068 /prefetch:14
  2⤵
  - NTFS ADS
  PID:4588
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:3896
- - C:\Program Files\jjsploit\jjsploit.exe
    "C:\Program Files\jjsploit\jjsploit.exe"
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Suspicious use of FindShellTrayWindow
    PID:1680
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=1680.5948.10142864998592844146
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5560
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x160,0x164,0x168,0x13c,0x170,0x7fffe0c8b078,0x7fffe0c8b084,0x7fffe0c8b090
        5⤵
        
        PID:5968
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1692,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1688 /prefetch:2
        5⤵
        
        PID:2728
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2000,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2012 /prefetch:11
        5⤵
        
        PID:4464
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1668,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:13
        5⤵
        
        PID:4864
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3556,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
        5⤵
        
        PID:2376
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4720,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:14
        5⤵
        
        PID:6868
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4644,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:14
        5⤵
        
        PID:2160
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2056,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:10
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2704
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4316,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:14
        5⤵
        
        PID:6692
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4248,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:14
        5⤵
        
        PID:2724
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4128,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:14
        5⤵
        
        PID:3192
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4832,i,3937870545953296687,5600147487875417531,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:14
        5⤵
        
        PID:7140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7612,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6808,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6796 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7356,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6696,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6824,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7312,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:6672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7032,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7100,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6832,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=7832,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7964,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7844,i,12293825046772516698,4414874204392584631,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:7064

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3960

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5392

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C0
1⤵
PID:3332

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5280
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2E3F66C59F2B0857EA997588DE113A2F C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6132
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:900

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3604

C:\Users\Admin\Downloads\RobloxPlayerInstaller-RKJ77XY9JT.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller-RKJ77XY9JT.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:4612
- C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe" -personalizedToken RKJ77XY9JT --deeplink https://www.roblox.com/games/189707/Natural-Disaster-Survival -app -installerLaunchTimeEpochMs 0 -clientLaunchTimeEpochMs 0 -isInstallerLaunch 4612
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of UnmapMainImage
  PID:5760
- - C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxCrashHandler.exe
    "C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXPlayer-Crash --baseUrl http://www.roblox.com/ --attachment=attachment_0.665.0.6650685_20250325T194612Z_Player_7A5E9_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.665.0.6650685_20250325T194612Z_Player_7A5E9_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.665.0.6650685 --annotation=BaseUrl=http://www.roblox.com/ "--annotation=CPUMake=Intel Core Processor (Broadwell)" --annotation=EnableSessionEndCallback=true --annotation=Format=minidump --annotation=OSPlatform=Win32 "--annotation=OSVersion=Windows 11 - PlatformId 2, Version 10.0, Build 22000" --annotation=PlatformId=2 --annotation=RobloxChannel=production --annotation=RobloxGitHash=02b4c5ddb67176d38cb24d82ab58f517d625d797 --annotation=RobloxProduct=RobloxPlayer --annotation=TotalMemory=8589934592 --annotation=UniqueId=4852822029332530860 --annotation=UploadAttachmentKiloByteLimit=1000 --annotation=UseCrashpad=True --initial-client-data=0x698,0x69c,0x6a0,0x5fc,0x66c,0x7ff71b347530,0x7ff71b347548,0x7ff71b347560
    3⤵
    - Executes dropped EXE
    PID:4328

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3204

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4872

C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.50.24002.0_x64__8wekyb3d8bbwe\GameBar.exe
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.50.24002.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5832

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:6408

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:6448

C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
PID:1636
- C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxCrashHandler.exe
  "C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXPlayer-Crash --baseUrl http://www.roblox.com/ --attachment=attachment_0.665.0.6650685_20250325T194702Z_Player_DD288_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.665.0.6650685_20250325T194702Z_Player_DD288_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.665.0.6650685 --annotation=BaseUrl=http://www.roblox.com/ "--annotation=CPUMake=Intel Core Processor (Broadwell)" --annotation=EnableSessionEndCallback=true --annotation=Format=minidump --annotation=OSPlatform=Win32 "--annotation=OSVersion=Windows 11 - PlatformId 2, Version 10.0, Build 22000" --annotation=PlatformId=2 --annotation=RobloxChannel=production --annotation=RobloxGitHash=02b4c5ddb67176d38cb24d82ab58f517d625d797 --annotation=RobloxProduct=RobloxPlayer --annotation=TotalMemory=8589934592 --annotation=UniqueId=8633538819676874046 --annotation=UploadAttachmentKiloByteLimit=1000 --annotation=UseCrashpad=True --initial-client-data=0x5fc,0x60c,0x58c,0x608,0x658,0x7ff71b347530,0x7ff71b347548,0x7ff71b347560
  2⤵
  - Executes dropped EXE
  PID:6912

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:7120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:6308

C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
PID:4196
- C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxCrashHandler.exe
  "C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXPlayer-Crash --baseUrl http://www.roblox.com/ --attachment=attachment_0.665.0.6650685_20250325T194726Z_Player_00A74_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.665.0.6650685_20250325T194726Z_Player_00A74_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.665.0.6650685 --annotation=BaseUrl=http://www.roblox.com/ "--annotation=CPUMake=Intel Core Processor (Broadwell)" --annotation=EnableSessionEndCallback=true --annotation=Format=minidump --annotation=OSPlatform=Win32 "--annotation=OSVersion=Windows 11 - PlatformId 2, Version 10.0, Build 22000" --annotation=PlatformId=2 --annotation=RobloxChannel=production --annotation=RobloxGitHash=02b4c5ddb67176d38cb24d82ab58f517d625d797 --annotation=RobloxProduct=RobloxPlayer --annotation=TotalMemory=8589934592 --annotation=UniqueId=6306220723416786336 --annotation=UploadAttachmentKiloByteLimit=1000 --annotation=UseCrashpad=True --initial-client-data=0x5e4,0x5e8,0x5ec,0x410,0x5b4,0x7ff71b347530,0x7ff71b347548,0x7ff71b347560
  2⤵
  - Executes dropped EXE
  PID:7068

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:3868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1864

C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
PID:6796
- C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxCrashHandler.exe
  "C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXPlayer-Crash --baseUrl http://www.roblox.com/ --attachment=attachment_0.665.0.6650685_20250325T194825Z_Player_210E4_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.665.0.6650685_20250325T194825Z_Player_210E4_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.665.0.6650685 --annotation=BaseUrl=http://www.roblox.com/ "--annotation=CPUMake=Intel Core Processor (Broadwell)" --annotation=EnableSessionEndCallback=true --annotation=Format=minidump --annotation=OSPlatform=Win32 "--annotation=OSVersion=Windows 11 - PlatformId 2, Version 10.0, Build 22000" --annotation=PlatformId=2 --annotation=RobloxChannel=production --annotation=RobloxGitHash=02b4c5ddb67176d38cb24d82ab58f517d625d797 --annotation=RobloxProduct=RobloxPlayer --annotation=TotalMemory=8589934592 --annotation=UniqueId=646053005991785959 --annotation=UploadAttachmentKiloByteLimit=1000 --annotation=UseCrashpad=True --initial-client-data=0x610,0x614,0x618,0x570,0x5d8,0x7ff71b347530,0x7ff71b347548,0x7ff71b347560
  2⤵
  - Executes dropped EXE
  PID:6356

C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
PID:4588
- C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxCrashHandler.exe
  "C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXPlayer-Crash --baseUrl http://www.roblox.com/ --attachment=attachment_0.665.0.6650685_20250325T195014Z_Player_3491E_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.665.0.6650685_20250325T195014Z_Player_3491E_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.665.0.6650685 --annotation=BaseUrl=http://www.roblox.com/ "--annotation=CPUMake=Intel Core Processor (Broadwell)" --annotation=EnableSessionEndCallback=true --annotation=Format=minidump --annotation=OSPlatform=Win32 "--annotation=OSVersion=Windows 11 - PlatformId 2, Version 10.0, Build 22000" --annotation=PlatformId=2 --annotation=RobloxChannel=production --annotation=RobloxGitHash=02b4c5ddb67176d38cb24d82ab58f517d625d797 --annotation=RobloxProduct=RobloxPlayer --annotation=TotalMemory=8589934592 --annotation=UniqueId=7601938344443936355 --annotation=UploadAttachmentKiloByteLimit=1000 --annotation=UseCrashpad=True --initial-client-data=0x668,0x66c,0x670,0x57c,0x640,0x7ff71b347530,0x7ff71b347548,0x7ff71b347560
  2⤵
  - Executes dropped EXE
  PID:6924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5aec27.rbs

Filesize
21KB

MD5
bd3b0d87b08c7004ad743f934cc7875c

SHA1
b749e6aecf2e87d43d675b4536670ef490473ae3

SHA256
a7182151fa24f7400134d1fc1e962434d69ffd4077fbbbde1825ec84cfecef45

SHA512
f67e63032e5ac575a40101fc0e03dd172cf118e9091fd43daef7a48f78110906f0c81c99448a219ad8f6336494ea4ed06c7a54974f2c213b219e556253c7fc6e

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
8.4MB

MD5
7d3af8e6237b147557238bf491671e50

SHA1
8c082d4bc3aa840dfa13365966cee30c62d431f4

SHA256
a60a31a504037f25652e4f59a14f9c014f7b020ffb1bd41419bac2e43e64c903

SHA512
571e966d249695424edd0efde0fb6751a20255094826557c53a9924a305a1ce64b721e733528cc8f4065698611b78b7ce0e8f6ebf50e0fbfbcb9b087dcd1c92c

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\AppSettings.xml

Filesize
144B

MD5
431a6eb20932ec1c56682a1f60d231d3

SHA1
40bb32db040cabade103c21ba5b6f811dfb0773e

SHA256
d5de39863fe721668ce1e115e0fc55a7c733747daff6235d27dad3d160c84dbb

SHA512
0969b9484bb7c661d4e0452ff1c77396796333904b39f24c56d5a92ac4ed4ebde9b8981a985c6950b4af2852e8d9599e071a51ce4f9ef21ead778a2fdc76fcec

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxCrashHandler.exe

Filesize
10.5MB

MD5
a06513afc5e202e202946f87c357773b

SHA1
49a0d31ffdb7676a6dc5aabcc5d37088031f8e73

SHA256
b2bf44124d2497aaaed027e67a02028a2bd34565478b513892972de462d813ef

SHA512
4c2f4dab8dcd8161527d0514a81917c787af8895d582f274109dc08c762e2177e7f7f06dc02762898ef13aebfdfee62ca8634707ca1f6c39ca0b0732cd721620

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\RobloxPlayerBeta.dll

Filesize
14.1MB

MD5
48a6415dac942cd5e8c35d8a34aebfa8

SHA1
50a830f7440f7d9ad46f0f0c4293136d46fb835c

SHA256
8aa7b66d5f5b6021e57759b95fde1b9b785aa14b615a2de9e00d760b1d98f537

SHA512
743ab1626eb6fede1e3eea22feba578938f53d6d86964a4442a57abdf940054b82b02fa7f98a339be1682524b5ae3fa61d94e6f75e1ce35eaa8c7aead00ecb77

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-bef193a8f3d14d3c\WebView2Loader.dll

Filesize
154KB

MD5
577f05cd683ed0577f6c970ea57129e0

SHA1
aedf54a8976f0f8ff5588447c344595e3c468925

SHA256
7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf

SHA512
2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047

Download Submit
C:\Program Files\jjsploit\jjsploit.exe

Filesize
17.1MB

MD5
383ef1f70f833f175c588cab85110fda

SHA1
4b5780d1bd89efb409b15065874877b1424c31ea

SHA256
2c349879607ff4788b904cac39a1593d676b04eb4fe783f02bc1418d8c05e1f8

SHA512
19671ecfaf42f5207c3683f881f91e262ed3f0e5a994b6aaf25f1c9a22e29658c9faf5b21f32f64ae430eeb05ab9fa8dd150fae196db6ff949157bc61768726f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk

Filesize
1KB

MD5
a8e614d5276c1b6df334b3064c75c169

SHA1
a50179bf53da5bf9ba0c1ee9b86e33daa6eb8ce4

SHA256
4b27796a4489798c13f76255fae5c9a48830eb696211b55996c28a8d4461fd97

SHA512
8197bc89a91ae36d112c59e9e55bdee44dbf3faf5c23fad4bedc5313c9f77b192f71273bfed42d17412a7d3e9e01955df9d167dd3d111ac646ebdbd6f780a12f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk~RFe5aefb1.TMP

Filesize
1KB

MD5
bcacbf759f3f7839f7e77cc1dc94b13e

SHA1
7b07fbf441ff04ebdc6428717ccaa9d57f3728b0

SHA256
935be5e9946ce4785624cfb207657e38b06c438e02d27d9c2381f509ae389581

SHA512
94686321edcb5378228a706dbca3b772ffb3eb0c87f300a74e58ef6e559cf94b072e7c95a0f1094060ad99c14d7ad4a2d188e5fb78a5999a51737a214ae5ec8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e29d721e5b4572b9082017ff18686393

SHA1
22a40ae4bbf7ebce9c78f633d971e053c117497e

SHA256
036f7287dae85d2a9e24a7908b8234ca6f2d65d19e6fb71d32ffa865c8456817

SHA512
bf47c4fda58fd54b748226a0bca56a8fe1d85967ed9967511c031cfd24e535831f118b93f92715d444c01fe3800088f7918f111683658feff4469a896282f380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
63KB

MD5
1901d2bcbbabee4bbb9804c30642ae2b

SHA1
f31774bc12614be681c0b0c7de3ac128f0e932db

SHA256
15eba349e5829f11363614b8f3dd9c3d04994586601d3c4c4d8069e0f5655310

SHA512
bdb94d7d8cf47b239c61559545b1dd26e05da909fec05d215471388545879cd8ec9e1fea51c04ed43927e2b07b5b80a74f09eb9038c8d9045e4161ea69df215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
72KB

MD5
7b85ce6d64312e6f0d8f712897a45a66

SHA1
431224de66f74e70ae5b37a67260b795352861eb

SHA256
03a79fc56e2b58121ca2fe5938be882582ca7c26cc4208ebf777de6220f59fe1

SHA512
b22d7680c82a5a45d0094dc16b0983ff59c5e3e0567d2854be14cde6a56af63729a1c4e041223fe26569e92961c49a80d603136e88d60f8f7b78ca1999b4fb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
228KB

MD5
7ee454fce2eca9ae217687fa72ef07bc

SHA1
6ae976e7b16033de7db2aa54ac253fac55b416a6

SHA256
57c04db5f633bcd0f6deb02ed279302871a0354b16ea8cc77a63812bbc415f43

SHA512
3e15635bd7c34f760e0120e17343d7d7cf6054939f2f42f7092af727236a45438561aba9a091f86818409b252b07df6578f11f20e3905962af951908fc27d127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
197KB

MD5
c8535e48efcced3cc1fe1ff78d28251a

SHA1
962e4d7ff0d8f68e5d8caced19eb636203567784

SHA256
e50247b6afbba4694d5f9e304595922ecff494b237b9a6eac37c2bede5efd964

SHA512
5e4b3ffa9058f3ce4dc4e8c10815f56c221cd8703905c641d6efaeb2a3341478e96bf99b6495759033ce0812d1bfe8cec5a306055fcb0b7b897bb2e1f2319372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
105KB

MD5
da7fcae4308766368611b35916374158

SHA1
05a209260fd46aa423fc8dc987f4b1730efd82af

SHA256
6caaf6eb26118dd3e9fec44d6c8aa9158817d6599a15dc4d8329aac4bc9dad19

SHA512
c4d3c326b530f2f8fbc2367fadd36a3960435c7b00113a211cd001f3d9f4ac08fc58e8f26063869c37f425abcc8a7e68343ed9b96a90471aaf72658555173b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000106

Filesize
215KB

MD5
e8518e1e0da2abd8a5d7f28760858c87

SHA1
d29d89b8a11ed64e67cbf726e2207f58bc87eead

SHA256
8b2c561b597399246b97f4f8d602f0354a979cbe4eea435d9dc65539f49cea64

SHA512
1c15b65bd6b998254cc6f3cbef179c266663f7b1c842229f79ff31ba30043837c398d85296fb20d3a576d9331fee9483ca0cbd06270da2d6db009bc454aee0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000141

Filesize
43KB

MD5
bfef1c88c7a2462d08b6930531953552

SHA1
6392a0f160eb73330bebd4c324535445e0783231

SHA256
5bb0ddc5e9112db6992a4eb1252b36b666ca8de22aa5d09b1d083794f2acef4b

SHA512
339ddb4c82a5456623c9ec0bf2574b22d7e98f9b2002d5d9616197dbac6a76742e146ec77e8d3aa8caa3c6178125bea0d9ec57324b28dd52e778055a4eee204f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
7d9777ea5a08f6fd359928cae475d59c

SHA1
845c647153847312078e17d3900edfc15fba10f9

SHA256
60b24fb505644954c8793215c8d6abcd44f6dd0a1597407b81f80a7104ab392c

SHA512
725708bf7d1927c916017a8d0ae0680cf2e4442512b0b02ccde256dd05927684e09e5690fefd218c0059d176a5f35cf91bf343a83a99b38bad9f537572b1f0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
643b42c039cb349f1786efb27e0c6a68

SHA1
9602955c8421ec7c65e254e465d4e57723af7df6

SHA256
44f98081f64b5a0a3fee64e171dcc39d5f541c49d5fc996c0f7f4ca8e8f72f6c

SHA512
fc705af3234b4e9a4fded6d9a930ae3ff4589028baf50eeb3e1f2187b30b3b60c09c6c76c2b17f66dcdb6a36acd4ab507c147e4d9a2b25ec1183cd74705459de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
1f981b34746c46c81310bc4e4486bc55

SHA1
2bb81e106e75da80a12f293eac8f3b364975398d

SHA256
657b38b47e4ff36338c8d4628c19174531cde4c2e4b33a29b404b13a490c4c4c

SHA512
7bd3e55005f4e4351183ff8e232de77a3c6efca1f42b80eca5d7ac9416f2f75c024618438826d24002d5cd94ed6d8bb22a5b667d745dc25ccfdd1d0debb32d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ac91d13af4b7a6fb5fcc5a12d4cc71dc

SHA1
017bc51da06e33e98f9f684a944f0e2dfa86bf8b

SHA256
08252888e698271deb3189d546cdc794382ec3b641a5e37eef7e853de2ef1b21

SHA512
bf8736f6dfea36e8f7f3e37a097d646a9a659212cf182d224ed6a6aab6ec9445cd2590ffd3b6731fefa879fc987f26153ae992b47267be06b31c7c5ef0d97f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9bb9bb4e3b4ec701800d94b4812cab86

SHA1
23bb275c23666f408294ef60881a9c4d99883ef8

SHA256
7b2b3c27693720da38c307b2daf9d19aef58eedb60c7a154b328997b81910619

SHA512
3c5fcb92a3880380f423b9072270f66134070cd62cffffbf8f3a323d50da3d43157f986486fec7bd7e7d9363dd758175edce3475a2988030bac42c8e85ef650e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
61ba57219141701c8dbfc4e8da84101e

SHA1
85fedc7889871f94d2f77c3881b8eaf0f9bac9a1

SHA256
faca9e5148b275c25ddc15ee393462de33f12aa4c176bfc7c8a8d9ca94bac7d1

SHA512
b4b49e4579ef1421b519e21cd6f79a416ea74280e19095f397ee89842cb1411d4686d4220978eec5c5d42b90eaef92800a1464998548c9273edbcb06a1826996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
d1e88a8fe00bb66aae8e30bdf23a8ab2

SHA1
65a51d605b49d1203ba46bf73c756acd3a039fcc

SHA256
44ccf47df71e4a3098a277f79a4479704e7afa4a86667df84ed717521b929ce4

SHA512
c1c6506b304651072a9125331ea294e92923bdbe9576f5b4f4397c574646941b068f8596fe7446121e2a3f6394d1e17de652467edca9cde6e5e52c287f4a7f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
675B

MD5
f81693ab63c7f9e52d299f2c3fe3e23c

SHA1
b1a240c07fe3fccc4166093f98868a768c29dc22

SHA256
fa9afed01fbe7f0705fbf963ed58333a6cbc5dd70c2df6f4eb5e13f7c231d87b

SHA512
036df8156e05ab01793640aaed2e10b6e33f46c4824c0f6ee0b08e1c9b4a1e0382bcef6e17ac6d64236e301c4b604a5d17431c2a0838fce9b8494d20734ad9ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
c7fdb39cf5ed91087fe8a15105aae3e8

SHA1
b71aa1dd6bd6a0c534a45c52e1e7db1f47081e13

SHA256
765f609269efebd1adeab01e37be4af19ccbf2574ba04ab83f60f1f087832ca0

SHA512
7b4d2a36847b87396fa1a7344a541246b0e3fec8ed32ce2941a5c1bce9c9ce78b9f04f05e5cfdf2246d28bdb6bcaec4917fe1d506d587191bb9fc02d919c90b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
e6e953a217bc9c7165f3b2b9838746e4

SHA1
58c82eeefe8c68beeff481928b37fd3f6aa03ae3

SHA256
0d5bcf97e635bcbe4fe9014dbdb63a381275ac13837c01f9f657ecd11eeecccb

SHA512
8838cf39681cfbb39b155a5a7cf1148ecf7e9cff1fb26c1a94589e69ce32fb8ac5af84f51c9fbcd29de8a78aa02caebe7d96ef61a83e7fc819d34c561b070df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
18098abe67c07da8ba82a28c4f645264

SHA1
2a97539499c4cd3ad0225d9a42c711f2c26fbc7f

SHA256
dfdeb41bef53aae56766192b58232c13612ffeeb7fd0261956acca21d239f402

SHA512
8eb5efea4dc08b3bcba0cf06a6c183520d047570edb6984e0821bda40d90e61dd3ec1a5d54e906a33f4e7ec32d05ba1b8366330ea4e0da9f63ec8b7efb88e8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
eb43aa745f119590227f6fda27ea86ad

SHA1
795f859899a43c920a636d6951cac5e2977cc23b

SHA256
a689f33e27e0de6522be7c8741f483a8dedde4b88d4a8a3e23d9d8d805b2ba9a

SHA512
73b4b6fcb1b341a35cfa9c822e42b0628bde23c4eb55d45a91ec3bb409568f5ae0216f1fdd0018dbb87914c328801c14300faee2f25c6dfda11f370db93a050a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
fea65d76e61c8fbe3c163057cdadbd8d

SHA1
25f0fe642b47ac6a84265eb18efeefc8f7a76b92

SHA256
98c3e1e03efccabb40b0532f3a670823a4d5988c77d4af9bd7d7c9d1fc08a68c

SHA512
9f4dc22bd42a2ac4f4321b4a930d4e02f9b9b73d37bf004994896d1b877d630f297a285f87cd2a446d9c2bfa5deab20c5f8bc5f45116cf7f13c6171963653ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
72ff6021bebee64847cda78dec9f4b32

SHA1
e26222706f2b2980d892690b25ad2a20233c39a7

SHA256
d2d6cac83d2796aef0dbdf9ba1e4773734e31da546853235523dbe9a224d9288

SHA512
326f4646cb1433bbe6f780ac9fd5eb068ca44473c352719d0822bbd907119a3a5870174100f1a110269db4cd7fc2aedd1ee1c7bb85cf5cf1357e8b2c82fd9171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
4001a8baca3d4bb414868def55313ddd

SHA1
7c79af50dbd8dbdce8276ec77ac7621b7678deac

SHA256
89fe1cf014bb2c1182145c2beea363ccc24a534503132ebf0f8076dad88cef9c

SHA512
ae7eada4a08374091e9f624d007813560d94855cee137a8b5818213188724cc98438a4ffac8b537724ee35456f286cba0e21b8fb1f16049cec25032f1a177069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e535a0960630a70cee2e07a960481874

SHA1
0f97f04ca468de689e43dbb4dd2c00e8ab1b74ca

SHA256
8eab40718c2cedfe14156b901da94c72ab8f4ce6474a7bfc445da8a5ec39d089

SHA512
bac5ec61334d21b96be1e41ae06eea74efc07933a97f845e2b510497fd031b7abd4eb4d9b5cc73068ba96ddb4b2e54bf0ef07be13b8679b2d4213e499419f18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
aae0f28abb55a7d32b434c128f6bf7eb

SHA1
cec5fe3aa236a05b4aa6b76fc099544ce6daea41

SHA256
81638b1d6bea5e879ddc267efb43cab25aad3f48469bcf5d8cf68f60c7d382eb

SHA512
41a95a76374d967ee3188f39b9b06706e521b571f7ffcbc54497cb676fb391652307277c06b6739f42bf84b2badea5a6e49aa3bbb2f36fa8c8b79b330ec23bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4069ea5e97e0938b10eadff21ccba61e

SHA1
2ce828b036878a202fc64add7a3ec0ba7294e221

SHA256
a8afc2a925afe6825b37b312a921949e0355574236c37c9572fdfe7466877014

SHA512
c613adcaa0d08d8f1d9b06c7f5027d854fa9493a725ff37ad0bc810c36f3accbe1254c696678c7e3d4be429b19337d0fcfee4284cf9bd4f67b222871ae0ca6d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
bfe45841ff5a9c9a20cde818c93ada0a

SHA1
425d7d5f9ddba2551c291f8d10b04fdcf0034522

SHA256
cc8ccbe16af9a5d9413d0c6d7d29cf7fb3b23649c8be4348319dc6138030b70d

SHA512
a8789a737288b54b32dc1fa45791979502c8863bcfd482870256511223e6d611652f9299cd74c6bcc5e3e79bb3e087a9c27c1f0d66c2de8a6d25796bb65b337b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ba9c7ecbadb55fb7112037c0bd2aae77

SHA1
69f5a422f1f5813b86193ffc786a12b40bdf8565

SHA256
b850ece7bec60bd830492432416481b54e3996ad854d44cac18808ee0cdd60a1

SHA512
e70bba4ff9d70968931679064c39cb0bf21302b6a37745032407eecd567bc09282417a1c42a56da1e9043598143613e3939bc72c5cf602bc10f57f5c3e2727fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a2e04af07149005ca3fc27b297b3e27e

SHA1
ef7c07ae024806695d261364afe31a8dd7b7e163

SHA256
b77ef2371f672ee9e5d209f9dbb09275ed6400c6b46cf5caf4c3c67fd5e09054

SHA512
14c81660d7d6a06f685400f5ed47590b3712c6ddf64b7e49ab43f853f96cdfd1abb549eb6d0080d2013d21cb75d409654756e4351561b1a024693a699ef18794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
248be32994ea61213004098a3d3a64a6

SHA1
45a5ccef508609dc8acf75e8d7774f46712ecf3a

SHA256
85665afdcc747977129b1419b2f3f03f301a28a260baf834965f83ccec0ffeaa

SHA512
e7a4c1582d8684396974598d304263dc582a5e694349198129275f8d732d6bf3f01358d518d80fa37610295ffd6297c5792f5ff12df531266a39814cba8c21d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a8d35d1a28a44ae154f4acb0ffbe4230

SHA1
28b7db94d51f090d9bfd716bb31826700b35477f

SHA256
2fecca615c7d425267145ab345ccfcfeca947d31c373995e6b45e7dcf226f9d9

SHA512
880198d454df79ae5b2bbf654f637658772ed6886f564385c731ed835e9db7a6e87cf3a530af6341e0a6fd18b99a0477e91bfb958a0a2404910eb575cd1e03ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
13995844af31ea0975479308cb5490fa

SHA1
d1879d7fffe3779a48bb250bfb7da994564cd22b

SHA256
0cac68a3c62be19e486951e88dae48b52b8510e51278e95321b6355cb28da9a9

SHA512
5a97ba15c18d2004a7650927766053db9e0cdf67ed42efb1b0fce16f677cd77d583d2e3dde5f158412ef14b741f6d07a3e0a766cbb4ac432591d40f7e05f976f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5bef51bc4f3e23babeef4185fcd3ca77

SHA1
390bb871852490ff95824eb69fdc2030b2abac6c

SHA256
bba6842ab92935b2d32d176a0cef09c50b230d7a743f6532d5de4438b1c8ee05

SHA512
2593ec9a846cadefb5cfc1a0875d4bf098431ac1a64a62470eed9407c28bd2e825a881d4775fb2ef330024028b167cdf07992fd9feee874aeb161b4619cbd610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa6e6205d6536ecc0a04866a44219c4a

SHA1
b47d33c1f0d59c5f987e813141e438391a2ded1d

SHA256
60be586046903ce7c2bc0ef0d42118c18d28587bedd7b0c404ee63e27995d641

SHA512
ef60e22decb242ea7f39630c44325e3e9ec4f5b8e89a1dfc14265f0d6c0d019aa43c4ab024c80d89634e8c3188b7b60126a7701b7982855a4b9805d6ae3f9d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9127a9700b053341e7135f14541b6c12

SHA1
f655425bdc54c6aae1dc26236a8ec67dde22ffef

SHA256
60e229c7f03d3fd6daeefd1c604d37a55011e5391c26d7d30b4881e15c986b99

SHA512
f1a9c0cdba3108063f4bce83fcbf57f64d407095caeb9a9fe68fae28513b59423608fecf23aabc869c996974e16e88572141ac1a60e237d45c11017a4340dc91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
11664a44c8218322edba178eaf514262

SHA1
a6fd14bb3ddec7967dfb41a8647b8764f8c80062

SHA256
f2a856fe195ab0dc0ca65fc41738a0fb882c6bde67e5c26f1cf15419b9a242c1

SHA512
6596d86312630e12c42bf544cba3d9f26dc0ff0029cc784aacc551232b9901fa3003e56e3b09128fdb5bc0bd389ab98088bb544071e0dd629c24d45f9c24f1c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
aa5bf16bbbcd09efac5b0b6900786483

SHA1
1dacb39d1375fd6d9b565b9f4f472399e7dd8f13

SHA256
333ec2f08f0a892ddc3e0dcc1c6d3baff1b450513e4c7b1cc14727cd6b3799a2

SHA512
b9e8bca48f4437991bb7ea5150ab4beb5af2edacb61a10d72b4a125bd07e37c1d5be6a8124dbafa39b247180669462463c3ed78253a397f7838fcbf62e994bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
839e67bafad176caf232a7c94a3d2e9a

SHA1
8b10d800ef54f6de8d6993a7d93c498b6180d826

SHA256
9953e52a656b9ed0a22db634875869313203dfa81628c014fbe444e29c8046e1

SHA512
8f31877b0b1c46648a1f237ac108473958a4eaa8379484674edee4c9881827bec6efb3c73fc4302357cfb86475fccb5f57681aea79aeed2e6747be681268b412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
733ce66971cf70c5a81372d0285c31f1

SHA1
3f06bcd2933d7f9047a02315095c9bdb422f573e

SHA256
dd29c6349b7d9e562fc0279f68332ff772d93c0635d98585445df7cf22b81449

SHA512
c272fbee8a0c5080e260ad4b014a996c946acf5cd5807bdb85f321bcac199b91fb7ff77a93523d16bc9d00137a10b1d598ed50f0d717b06ba80dd225f0548e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4c3d2b945e889d08a4f6d61dbf85ddcc

SHA1
465da0a25ceca412350a1ed547feff36e4b2ee62

SHA256
c525c1236d66bc144038c60110333f449a0d14e56d95fea72805f4bf2df9877a

SHA512
1fd16d9061c854b37fbfde289bae495c05c279792755ad90ec39762ca1caf84894f71d9fc5663a0c36061d7bdd70a8c4dfd18617a92ac96a61b6818faea9840d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
207ed056a1a8cae245fd921ca604c653

SHA1
4228ca6314b1e462e0a6d3c9aa3daad902be369f

SHA256
db1b977219f61c56d44f7cc44d164c44d748c674d4c0b89841b4f106d9b8d1cf

SHA512
2d23f06a045448e4e481eb1966ea691a6316e8d0bcc28eb85690ee2b3d91114560fd6dfd61563dd199dbe2bfdcb8ef0a2ef7d144e3762b9cd687ab376881562f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8c767153270134ff67f3dd4ec752018c

SHA1
42410c9826c5ff96cfdc8163096d903d687da0d2

SHA256
25dcc03ab8d06e9b12461e9227bb92a15634b66ebe6760d3a322ef492a4cc7bf

SHA512
df952af3cb1514315dec428fe4aae1d8de2d7e2a53a1fa250ae47c5af5f3c1af177ad0a2f34d9eeeb40b073157860d2055b79823a1cb399f51b415b92a7c9739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\71e4690d-3d85-4c77-8d9a-89562f268d60\index-dir\the-real-index

Filesize
72B

MD5
0bcbb4f19eaba5029fe785f5c31154b1

SHA1
3a695f65299bf8b0218041083448722208b319df

SHA256
f40460a7a7a20f01f1d5b7ef851d199f39f2a6b504ddf9dabfe9217e792546f9

SHA512
b93f983d5d4088db23a3dc907fd9b6ddb01be75e2678a817a059af01c45e7858aeae58506efc9fc461dd4dc2152eb5bddff8d621d01023795f54af95b9d18c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\71e4690d-3d85-4c77-8d9a-89562f268d60\index-dir\the-real-index~RFe5ecd21.TMP

Filesize
48B

MD5
951e04e9e4b34198ac9bfcd1765906c2

SHA1
f619895f9ad90783e4fed576ca4e5c423288d541

SHA256
b7dbdf224219adbb19efcd35ebab7e70d44f0e0ea72c1ba6f613790212b5267e

SHA512
c3b622d4086065a3deee697e89e85861899cd04b1512995ab04c23702c0ac27bfdbf0bd5897d35e3af3feb975c47cceb39adcde88619518664d291647484fc3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\949eb2af-59b5-41e2-b15d-2601ef7efb56\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\949eb2af-59b5-41e2-b15d-2601ef7efb56\index-dir\the-real-index

Filesize
1KB

MD5
b30aacc97b975adf924903d3ff071892

SHA1
45be13f1cb8c2213ad1b7909fada7180ad808422

SHA256
ecb840f9aaab8fd9f211f94c941fdfc84f8fb74ea94c21ba3460a335904e692b

SHA512
f15cb12395723633669bd64d63d51f4c42a973ab64059ef0fbfbdceaab68a0adb9744d3748aa79e1f15012294275766f95dc66f93ad42e54b52b668362bc921c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\949eb2af-59b5-41e2-b15d-2601ef7efb56\index-dir\the-real-index~RFe5eedf8.TMP

Filesize
48B

MD5
d468fc8294fcc63c724beb2b9e52177d

SHA1
ab8eb61bb2f3f2a13f07ad4c109af65dbf31ebf4

SHA256
b32b0275c9b37f666371697a9fb421c80f10d8dc8feccbad716cc43a153d9022

SHA512
b8fe314f44f791bb9950600c1e349c5eaa8abfda55a305d7c7da9d8311e1869b03ba97cf8385d8a2a8d32bc38ba395370bae3cdb7ccad6ea689ed1c371f8408c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
237B

MD5
a134d81926864de46a9fda8790fee34a

SHA1
ecb7cec7846e733648b13d6e208631a8d424243e

SHA256
929c052ed63abe41367c517736d3c7abf72e28088c2efa315daf6363e01f4d2f

SHA512
1bdff11208eaa3c51b854bc5c0e83473e4f5af3bece0dbbcaa7337f64194f6efecbc558452bf399a61019f273158a9d472ae7017f28a761a4eb4fac8e54035a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
234B

MD5
ac84070616ae1b95e8f270f667e20153

SHA1
df04aaf712b9dd98a1258f446debfe3094aa9145

SHA256
d730e8bc504f594cb52a7cec93e775980ece045097a8d43eec60895a6817fe8c

SHA512
e52e19cb6fe0ade36c1e03d0fdc299f0b3f4eba3c0267870bfbe25426c0869d290ba8272408596f6b71b2aa7f3c02b7745ad82ff8772084e00a003156bdb556a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe5e7e17.TMP

Filesize
142B

MD5
9662f6232a155a2f70f47e1547a0b501

SHA1
8d430b68ac46aa2206255975280da8e5f8570469

SHA256
ea5cf4ad1c7e140abb3e878a00cd72b0a334c95166968e9f7944dbb7befd7f1f

SHA512
631110e05a96ab6b1c78febbbf2892a62e345fb4d1efc9185f995f8cdbf41817d90df1cd69261e25f873c212c263de8093e20c23c410db7db7aa7bee1f0ce531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c57c0306e77694ca6f5e271a6a704aee

SHA1
a704084b933f4b8d818d1a3e5d5d8b54a8ae9060

SHA256
faa8406f90b740726a350e50786c1159d752407b710116c98cc5fd5486642cdb

SHA512
6a86f4a5b5d6249148f15a4aad89fa47ad55137a2d15289fb9d3bda03cf3f93ca4c679668264fedf6b143d64be47d400d842558721ff30d05ef6bebc975a1648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bc274f642907b059430e04186d543d47

SHA1
bc36b78150b1353ec1a138a524f9726618488194

SHA256
d2b320c6e0a3306f64f626b0a5194a1c3221a8f2525f30c8909e6f6bd562e5cd

SHA512
48968f6e55f3af54bcce469edc119d370ff70a5d72a865ad7561faff8520a5e0fe5e13d4049510e96d027313f942c19a838ea0ededbcbf910dcec87f12f0737b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a5be65e26f22fd139fdd94ecbad098c4

SHA1
2191f5f84ca0ba21d5eae707b2db5ca578f4fed0

SHA256
14d16f727fb70f4947a149e6beeff56ffbd085ea6bbaa34d241c0bfa73ab5e5c

SHA512
efb2841d5418bcb07502754ea1dbcf85c36326c9d80f49c5e7e84947451dbe15f17d3456c681f012799467717e7176e37d60232702cb7d512206abf8e19026d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e2bf.TMP

Filesize
48B

MD5
1951d44324125996dc47389c2b94d9b4

SHA1
cdf05f06ef10594ecc1405f9dcd1e138bf842050

SHA256
67637538b1fce05d36667de40b0fcc1d5ec74ab871917c56fe53e86e9fd27d21

SHA512
817e252044d84bf12849707c92f8457294df9a116454118b71607c0d05076e1301f3b7552f0c7cbc03d03cb8cbc081e62d1ee71f7b4af1e8dec7c5b7baacf982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
78d181eafad015835f4ccc194972fb9c

SHA1
ef419f3bbc63382fb6c9d1d3b3fabe9a7f517b15

SHA256
4033d22f7377379244563e9331920e7687bcb5637a9dfa0045d303319bd25e45

SHA512
0cef992dc98e7b75c21ac89c77004c5dc35f8026d4540465564be545219794ee45d493526877be5c6a091a2543568baf09df439ee83d967df4519e9b529cd702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
7740e93c51d5d03eebc17f1a953ac668

SHA1
22552de222a8a18763ad19f87013688e30f967d5

SHA256
7317ed07090b692b727a6f89f69c4bbc633b1a4863af7231c87a19e9ee89eb0a

SHA512
b12907b4ed61d48051b622758de0043b52e54fa13134691d351f678f97671e81a05df4b7a0665d5d7c4453f3681400a77eb64cc91cb0fbbea1b42cd6541ea673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
6a9a9818a5749faa4439c270f90d457e

SHA1
a579c2831ef56418823e02a5d744dcc5d10963b4

SHA256
120c5fd27a80e0bbaef5cc57a9c1ee35bd03b5d708a427f3e888b8e60a123a23

SHA512
b731db2abb3470e66df5126a24785e23951fb91be479720c4d14dda8e59b000d13baf37bec7374c1d048d4cccfb52fcd4058c2ab6ce2aca694a9998b2e87f83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
215f8dbfaac9b8501db41deabf2a8d4d

SHA1
51bff597d3ae20ba711c4e63dd96bbc0a6a1ab16

SHA256
723d59b3ad54049a7f63cd2a08aa36473163929e26b404c5ed5cfd646535b1e5

SHA512
1c33c6d07e741353953b275deb35e0d9ca8f72976918908d1dedd81cfbab3de1832739c6bbc38fdda60766d6c4e97cc371d1d338c24e9098a48a71137905b567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9d478302b0400316a9843b509894da3b

SHA1
de7a2a422c346511b1b202a103227debc55dd4fd

SHA256
471ae92914d33a1c15d9499a8f61087d7f67f9988656f973f0ae7a9ac5bd3211

SHA512
64bc2ff256c8662ff31db614fa12835ef71afad0e3536d5c0809f45b5ee2f64f5d2c69f232180e38bcf3ad127a5f3ab9463bd3040e98b66671262c898ec04156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
947cd2f8a75ef6d7e531b28700b89ef0

SHA1
7d1ebae0a2e475e765389a175186ef8ccc36d2f6

SHA256
369e778e44e7cc37254c9497cebefd88adad7806451b0f26e42f61c0cc7d4ac6

SHA512
70313a60da5858a6dfdb96740099bc8aed8d91ccc7763fd98439997ebfdfbf50e43fe3a38283e9a289d2ba3aa35066d0e4e370b2d43230e76f8e568ce95641c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
31a5ff0af220ba0aae1cb574c6a58d9b

SHA1
6a2752ae7cd6664c06b70a605ff7cd9caf10f8be

SHA256
1df5c2e716c187c4bd0b9623048815a65e5931b9ef06da444f7fb24c5321d643

SHA512
01c2da9ff9c567032dde86c07c9463181a704afd4eaf86f99356074c5cfd077dddac8e168ccd541a0eab3c427161ee3cf1a4fa0d675fb79b30814cdd6cc51e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
a50694f8a511e0906c30d62d44a7a2d7

SHA1
be2b9cc3af12ae5e6252b4733bc8f560ef2d773a

SHA256
2cdc4a2d1c6cbb2d3db770b5d2a7d3658aaa8931de640d23f391004d68b70d35

SHA512
68952fa0b82ccc10366bc622bcd3715058b55749b6318651f76c1a7641000123c81c75f7441fc664719bd8e314600c24603f744fbc8e2ca9eaa789668ad88f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
d4252c495744996ccb1fb6999d4e833e

SHA1
cb9e1e3989dfdd1efb2b17031852a9adbcad55c7

SHA256
2f10d6a1df6c7542a7f55b60a4bda6556fbf52021a7c070e3ff3018b3f549448

SHA512
9cbc36f786b1664cb044f5ec0e83c71d776ee43d09d91959b7f59e68cc9aa9b00bc584801bb8e0f2339fe069d73d58f015a1771582730a15b364c3184c6cd3f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b9958284-785f-493e-9970-df9582ae6a9e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
367951370ecdefe942bdb2eab3722568

SHA1
ccd3bea3de5d41c317fbd18e4aa598861bd16e68

SHA256
c1224aba9877610305f53c1ec68facbfd28f1f876ca09fe5d41e239ea02a2834

SHA512
34c5d0cb8c90e0edece932c6d547614266b35bb2e87a5cb1335f6b58aa1f640ca3ec93811c55b7dcb513638c8cc43d7b6599af242b5a74dd0e04d809d5381c31

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
be4306ed23e3366c80b84db4f2f21e3b

SHA1
e8ffe0e84930f28f44e86410450c7c303da78431

SHA256
0bd4f69043a6efec682af5d1145a22127ae2d97bd66cce63e35132f85fff2778

SHA512
a18bcad9ff46d69f79a6f49af210797b582bbb97b523b56b7b6a57cc37b34c5403bbfe259ec218a11853f557801ef61a260fb4dfad95f6453ef1a798c65b1fa6

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\f9e8d87bd5143b90593d582e0bb840c4

Filesize
8.5MB

MD5
f9e8d87bd5143b90593d582e0bb840c4

SHA1
8bec20280f8cfeed0d91af6df710be777d6a3882

SHA256
51ef6126c67bad7ffd85f550c9ac04ed829591a0be610c5ac3ed369bdeea9385

SHA512
f6ae86f4fc596415ef80a72b486a313fc902cd5a7596ff7a3a778865560a037481cb0c6f3f9032aee53bc6980c6103061c8f2bd80dc1714f7e95ee86f51c40fe

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\RobloxCookies.dat

Filesize
583B

MD5
7a9ce63f5e26be97067c35efb68c2fdc

SHA1
07098d318551195b781a0696227fe1342b4a5c7d

SHA256
ad1decfd235ad741744a8cd4c565ec46928e031edededda0c9d4d8d543996268

SHA512
cfd03f019b24c922c19294a0452b7a27ce4017d39b4b23f23379fa18821dfe37b95380a4497b63975423985e4ded77668c88bd25355e5876d6db5a91627f719b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json

Filesize
6KB

MD5
351e804ff579238ae2bb1107e772125c

SHA1
2300c7d1c733ec64561f24d00b0cc7c684774b64

SHA256
355c8a9d645fd40bc47c2f2de2187645266f8a62cfb17e6ac05dbf95bdbf4ff1

SHA512
5b2a6ea36c92438a8b8ce142cd1f77ec10877cc95fd6f59dd8999f31ffc4cb1738db5c1cce3c0706292681dca5860a5c8c16a4981aa961d33e3997c65f9abaf7

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json

Filesize
6KB

MD5
cf65f2acbaf481ffece1cd05a0b5b4ee

SHA1
924f5ac76803a72c3b42fe3fbf75d833080e4d73

SHA256
b8339552f486f7dc04f17778cf4968fd6fb72f83fc814401f08819c788bc7ee4

SHA512
e83f1cdc81796f360526b686a7457089c3f15f8fb9703bdf2b480912b94808a814db4d2e2958b2a489213c0fd65df3e382cb8ad12d0d05191e186974545ca774

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json

Filesize
6KB

MD5
0085062c1197fd9e526a4fc0bdb5230c

SHA1
91673a331168f830868a054a3d2df7be61dfa469

SHA256
776f3ba7ec1aa6a3b39815a72a67c20790619f1fe7675a84572313f93350c1f3

SHA512
a0a1deddc76dc04628cac4c94e582197ef5f3ef8d4e600383c80baecd5a98f3e70b1636a426b98af1b9b6e562d2c33e2e517a880673787a8cae8fe37d869502f

Download Submit
C:\Users\Admin\AppData\Local\Roblox\logs\crashes\settings.dat

Filesize
40B

MD5
529a6e43eaa726d55ad652d709ec00e8

SHA1
7e63214ad0c7be4fc9c18d50702216aa74a733a4

SHA256
56d4bd9221cc3bbe8a6ad23e26f6fa545b3140c48718b01221194afbeaf4d104

SHA512
71cbd91a37a315e22824123188831a763ca8d35362d457866e4a439c1598ef81dbaf86da8b9ed9d93ea66017bdf84fd382d53422650384f898a1434886f7ee8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB874.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8913724486d5e3c463c493b25346ca31

Filesize
64B

MD5
8802c7d34c0e4940cf909fc44ca24b90

SHA1
2688862cb85219ea54e169705c4c8789f9326125

SHA256
9b0b5b07c39f96248a40d0cc3e39c36d5e3be4349849fdaceb2e60808021a993

SHA512
867a9909f975ee0de61d6f1c946e5341b588df5350a90cabaf84d6ca85b2c1c956ccd8b913cde8c7f6df4e208c3c172456a94019e436c70d53c5f7a727fca145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\927937500e608380049e52fc4198bbb4

Filesize
13KB

MD5
5014932f32fdfc477002f6377d2a586c

SHA1
21ac7b0da6700952b8a151791f3e466cabe8b6aa

SHA256
b3645e229d225c44298e311a4834063bea04f1848055b0242d5e489d47d2579a

SHA512
741502e37cd59a1ceda3ea8c8f0e43e129ed0f88b77c4a66677676afe655b8477f17b9fe41627e7e225dccffefb87459a8180951ff30a4a77935636d2ae45cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\edgF94C.tmp

Filesize
28KB

MD5
583a92e3e37000f345e297ccf15e3c08

SHA1
76cee9bd8f27309c4af7aa52824a4d2eddb8f239

SHA256
82b24606ef96c7ee458df1be3e5a1ebc8714af9edeca19ac5b359d33a833eb3c

SHA512
42da33c01d3c7793ceb56f5c8a33f40a61a6ed6dfec437697e999443df5a3b6dbeaf9465bd7f18235c490c01ed87321628bb2bdf8a3eda6377488707d4ff35b6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
977305ca62ee2ec8eb8489fce2b01aa5

SHA1
56cddb0939f58a891f346345b4250b063409b8e5

SHA256
a3976af924612e47220dee1a5b4bd05da1dc8165533925a3edaf4062cc7edd30

SHA512
9b29854467a268eb994dfdbf972f9009fc124e1dc0d42bbeb2a228cf18e79852776a8c4f98a144581954ef6b76b84a4ffd3362fa4a602e42d400853751d754b8

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
2175984103951b3bcb5d47e38a63f7d1

SHA1
60b86f85843d95920493a06bffbf0f793725d14e

SHA256
1e7828b5e924326c33c3f9f17df24006dacd456638490af6c09e570ace31a409

SHA512
dd1c3164e0312959369697b7f1e204344618d60e3d4bbdb75248c39dac6f2fac765ab08c0c9b95a65fbc19d54a80674cf6d2a3955afbc5bacd6515792a7f5b19

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\6e0e7a40-18f5-4eee-a6a8-0834a26b8e81.tmp

Filesize
6KB

MD5
a6adea0060e4436ec7d5f78d7ff0d73c

SHA1
8fa152f7382d5a60bcbb62640d882ca131ffe8fd

SHA256
5477d4eda678a90b3fe7af9c1818b7cc25b20e6c81871b929371ad8b0e32e733

SHA512
9382c7bf6af698021771925f41a0f1b364731ec2985b40239aa6ecec53e94818717bf56784c605c785ac33c9f6ec76fe5ac55de956d43022af25259630d03e67

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d9bafda9b277ef70a8df3cc2d7e8f574

SHA1
c75885819c2a2609522d02f1a49ed9f95228901e

SHA256
d641445ebcf1c8079a228294dfd68995ae98b5dafb104447857a5c7627fb0cac

SHA512
e8f04d7432dece9551ad0f7b5a51b7792f89c2d30c9dac5d0c52a95b25257cc91c81b1b5b4ba56cb64f3a8f3b89d75175d52919d438869b929fda5461e926491

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5bba15.TMP

Filesize
48B

MD5
39cb0f5f6e33809c4a999805ca295969

SHA1
f9292571f72754dc880a64a4927df8ccfe7c7a1d

SHA256
b9cda5099bbf50f8d3ccb4569ee5b7c449b3b41a30620df633a6d079fd452dad

SHA512
dd8bb7a7b12b553083e388e9bfd0ae858aa304787092fadb48b8feee8d73f997dce264377d94bbec0c699feca1099391782eb2c43d4568759c92a8dbbcb98f65

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
733301a3f5ada0be33d2cec6d9ef1df4

SHA1
c23000fc9643160913ac3ea7925615370f74dae9

SHA256
0a19a893185b38eb3d1f1225526da0eee429cdd17d0602390cf1933bc6a1f62e

SHA512
9253fc0654ba1b5374fc6cf5ece90508c92d29c67edc9b17ff4b052d76d13fb0541aada0ffce925bd1ab32905571245b99799721c2e8369fb695634cd29d4bae

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
df8b342c7b78988d4183a66fc67a140f

SHA1
f0b9a0f8d3d6d97289e5ede055118052da999541

SHA256
73a8159c278f074323adde5cf552a94e53905a407fa80152a2e431afa3adb01a

SHA512
d8d92571329fe70b917307cea96dd2064b3833eac9c095dcaac4f1da6815bbab69d004f2ca7d3d9069220b09795f8336938bb9f52d8d61e96c9541cf39fe0278

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State~RFe5c5d4a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
e8a78a843f081439cb1004a324d3d158

SHA1
7bd2ad9d6a15d7637b52b9d5b736804cf7630091

SHA256
d07ce7b9c60821023c3318b25da480290182db83de05f94ad2b7c01476003315

SHA512
a54322c3b8612b87a4e4c201211e6786fd8c8d2faf79f4dc119879fd07375bf3bef579a1c9d9ce8c83112787b0ab4cf4464596012ba6aada296d8e4e506ecb00

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
9c4b1fabe5e4a9a951188a29dc77529a

SHA1
4df9b8c7e2ee73e274a392ae4309e331443bfd38

SHA256
5b80ad71fdc4dbca12df15b607b34b5ee1b311cf139b04d3ef7bc329639b9d76

SHA512
a6cf4fee45b663c9a64cc250aac7b325e52b4ac5261afc04d6a0e7e35d92ddde70dbcec45aed298d1ca9e20aeb0211a8b6d94365eb03e9fba6dcefc7c3faf644

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
e50fb75a4619544fb670886799cecb3f

SHA1
723f692acadfe4479f6d14c7bf8e7a63ea58ab69

SHA256
a6c71f39d42d1ba55c22d5449781b694d1cbf94c1178b87455fb02ccb4710cc9

SHA512
05e720d3c50baebf876063e06d98c21768889bd36dfe415bb33eff760b7d01b62b0a48999dcbb85d11e13ef77f051bdf83f9fc18ba511dadf2ed4c5ef3fb76ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
427e0b9d4569fcd27299572e51a3e4d5

SHA1
bed8a427db18c65d374f0dc075282bb2bed5fa8e

SHA256
7cbb04093d7a769b3fc6fc8fbcd307c0123a3e42b7e7173fa6c4824b50d1baee

SHA512
19627502b85bb8f81e6cdff9764e83a9448f05dd501ec084255c8fd57293e41949adce9b4c3efe2703442386d3392bdd02311fe47780f4d4276c0e213aca95c7

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
0838ba4efdc8cfaf8f8cc9786d7ebafd

SHA1
0a2690638596a71d019a7577fb7dceea4544b075

SHA256
aa2cffd18bce9eed2c4d6ee3c8ed0c0ddcc6000550e151cbf2e0b1110541de2b

SHA512
70a259ac4febf1c41d1990c5cff7f02ad238a213d66e6fdf54595d6ef77aca1ebf15fc8249a507665b74d422db377ac27403a7ec0077a061fe706233711970a9

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1022B

MD5
44e55d72a154967b854b1d7ff43a7b2c

SHA1
15c9039aad0205a33c874f65953462f7880e11cc

SHA256
c2564550f3d7c4ff678a73820ac23a77e60ddf0a53ad7919eb77adec9abb1be6

SHA512
770d5b697219313c7f3f002f680a9c89f8d1b1589af50569e2f18ba6052cf88fceb060d15e6cc14d5347ad0c2287b02ba84b0aadda051dcac348721cfe68a35f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
1cf60236106ec1e89ce28e3dcac41c80

SHA1
b8ee6ae388cf0aede208936cee3dd340579f98f7

SHA256
ed5abc6d388c9bd061a2ab21a2ef271e841395f332a7fd3c93dc2d23e3545b3c

SHA512
d284eedbc37eb396ee99d247e10ef1498a61ccf81150dc38a5f7f3d1c29cdbbe97d346bb312a224a96c5541d9a4751013033e1e114abc206fed805300d690079

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
53677a4278fbd8949902a7e9a8c4a212

SHA1
0337c3643f6950b2d1bdb76b25999c60c2351270

SHA256
169b5dfdf93e8cbc2dd7d63d7b5296f24bf7bc99df76005cb810e2ebbf04b9bd

SHA512
87e608cc42ecb431ffb20aeb4ad317773c2fcb2ea09ea55990ab74c04f7eb51cc91168abd18046e77895651cf1b1d6066cf196d33b58bb77643765b55f7d576d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
176e1c12330da1958a083f694d71c217

SHA1
213f86252dfeaf10ccdd0b1e3faec83a537fe8e8

SHA256
50e97bdc50b5fa63795d76f532c62df11286f0785f128b61676096e044259c8f

SHA512
d5a5f0a93c24ee8280fabcbd28bb14779bf260870af1e91ff68d24d9ab1d64fca5fbf79fa24b82787480c16870565ca0177d336a89467c24f6d0e3c28b816c64

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
e587532621d0d2f05b9cbf60e3bdb4f1

SHA1
a27c43a13590f7e0c4b4452e6e1aec547cccbb3b

SHA256
eab710de340207cd6acacef4118d6564ceb9c49f65c01db8bf022ae8526108b0

SHA512
6bd0ebb8f9af66b2bda9ca9b759bfb092a2ede5c637ed89cd4814a4d43a86df816e5b582747b777e01deca9fcdee8a1df2e90735cbd119a4817fca24c82f0378

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
e3540f42287218adcbd7028007edcbfd

SHA1
651261cbc31581efe02aa0fb41190065b2029a0b

SHA256
1dffcabf4446762e59bff003f56d6475b62a1f3ed5dc2ec18669e24bf5bc31c1

SHA512
4cd84ab9f8a330c352eee566eabc67966669cf3b21836f53cb84a62f25e77e26590d18ee484a38a6a6f19ee0dbf149e9ee93e8919110538e9afbf60491b5ef06

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
21bb76e8aa4941eee317b42d62821a4c

SHA1
cada4bbdc639c531a16520fead10f17f32c56e96

SHA256
666ec84b1db14eeceec1035a4beea4cacd583014b28478dcded040e3ac8f28e1

SHA512
17f93193decd27e0b892e1c667c6152e89c0638fe89c20e25a702c84ab4005ca43a57aed4405d6fdc9cb184eb23a518defb7d0c54e1bcd9a256dfb23ba44bd6c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
6975cf461f0542e6da03987396953b3b

SHA1
861d400867d22cb3a4112543f0de1ad576638426

SHA256
92acfeda13ce7f753853e78e41ed2b2474885a5968216ce21fd786e76d2633b3

SHA512
415c1cfba48ae2ef45652254cea0cb63c4180dec4196af7125a5f9a130afa081b2783e1ba79591322f8619ccdbb6f85dc6c57245f0ff6a2541e4415b3d0795f4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
0e2c2c17f9ac1b21a10411eaea823114

SHA1
27ae790f7db3e606b3a92d4071be25ac592f9e39

SHA256
e79db8129d1ae1ff609a0badff92641c9a4f7fb36fe8a9c46f96c25677f7ea24

SHA512
944660f4a8120ae615cb34876faed6af9ba4866b6e9b705fc173fcb2fafd4f1b39c02b6d730c8cbcd511ae1b5696f646e84ba6f138154dcd82fcbe7d1989bbcc

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
fb8298ae145ff24cd1b49953b718ba70

SHA1
f57e897606100f8bf0850b2565c3507476864e93

SHA256
3a89049691be4d4af959f79bbe5b0507afc565b5790bd15cd6bfb25601e18c20

SHA512
a4d562e01da7f7d0a4d7b69816a39915bfa801da1ab3f3fc988620cf69879db780cc989363b70ed0ef686088091d6a376508140c437a422d5805872fcd930637

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
6604fbf5d15956d8fd099f192aaf816e

SHA1
0b246a76bd33d424a18970c678a60891bf65c110

SHA256
8060b18c1de312cb4f6d19bb9b6708dbdbb1f186f9cd9a5258e943e9743f7f6f

SHA512
d850cf980938e9cad1880f8f96f0c4a8f70816c18e0755969639d8e04c694b4d09fa1381b8d02c68d0e16b1829db867e867c3c07477403257622229b5481d958

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
6963c13c3ca29efef12d5a2ecec350f1

SHA1
84ea94d5db0ed2b2cbcc5d3b8a2bb5a11e2d84dc

SHA256
f6f23097f781a030fb0f9de9431a4aeeb51fa501db851193e15c4ceb427bd67e

SHA512
0fa31a13a1447842600728c835b1fecf28b1bebad8ce1d933b3ad4d362b896e9156acb5d92938077fbcddd416d3f14c6bec8fbace011b828eed5e68cb1b96d1a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
117088d00448a1f60d6309ff2ce9f84e

SHA1
e0f1777459514a5e005422dc6e22a4c46baa9f86

SHA256
3208684a87a47743df30ee3aa5b8e30e807e5ea715d12990161a55d5b51533b4

SHA512
f23bc7ded9aed763fcf33a30cce967e52b2a882b8f4c8c58bc81d6d8882787ac9186a42022cbfbdfe6f5558b2d83851dc25905130602f584f5e9fbd3040f521e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
d9b1c64ae629710be7d5a18dd66b4177

SHA1
69b89496902826fdf6cb4ef2022fca3ffdd64278

SHA256
af9d9b3235439beab0708a26bbe5b33fc3d85bc9b172e28b49fe668632093c2a

SHA512
1d0ab21cce35d06b24864fa165e71022a8c0c0bc528753a61e70d5366cfa07be0f84f0037054dcd2e68d46daffe307d9d3f1f2fd76848fe77b64a28f465930bb

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
890a867a2d9c1746f188d533cac934be

SHA1
f73e334929fc75c54ec4d40bcc659e7dc09a00c7

SHA256
72c864176ab16c516d8272d777fd494cd1a25ac863e96342a6a0fc320593ff1c

SHA512
297404af2c14e0980cb84f0c7f1f63771946a34ac352b101357289e786a1ff46b47419f189e7538afb8047e6e834cca9a96c1d7c33924f1bf86bcc4a7d48eac2

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
06097b67d4cec4553a0a47aec884d19a

SHA1
4b6a0ec3616c46f18ef4fe2db812ea474d5e4474

SHA256
d3c65a7a27244a2e35af8913397cda881bd0e6c3abbce4b21ba9aabb9b0ab175

SHA512
638c87997cbd682cfa1d11795203fa7ca2d940790766d41a45dbb411fa4ef7370257c5a0280c8cfb63b595e19eb7fbcc852efde97e09d6ddf5e95418e86d22b4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
889b8469af54ea57d8e19541cd267472

SHA1
be8ea6e1dad5caa9980567658bea1be1ff6b03e1

SHA256
dc89413a5bac2c3ae0377060a947e1ed6b2b331caf7a2bac8c284835f80c6cdf

SHA512
f158ec5103114faea1647e2260ae1ba098a530ce68d838af992dced7451316fbce381f243c5aba3c07ea8e5e3ddc2d391bc7ff6623bb9ce13111c7941b390925

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
022224ee5e5967d5cb560807c337b267

SHA1
9d29fa1869d1579e8d96d7bdab9fd05a94e1e842

SHA256
919191c39442f709ce899a0f2700aebe5a35a221f5d8a9f97976563428821ad5

SHA512
6cb08c772aa3fbc8fe3c90472043faa0e9bf63ecd99dc40ba9badba012fc8d60fc012bae10a730322179faff92694bb897e589dd7228b759fa542f753b555dab

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
9f35cfe7cadad43f1c0e8f2b66c8d63c

SHA1
fff48c98e64e627f79da5225a6906390846da357

SHA256
ed0a39010312122f0eb187bc883e59a3e284f813d6eef7ad65b7c05ff0276c40

SHA512
7140d5305f71052106ab84bb7db4b77c9608131d1f6edb1f2c277a3bd7559f20bf1a25ff8cf4cf4e731b38e901924adb99bbe0eb1da0256aba8cd4f510b000bc

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe5ba45b.TMP

Filesize
1024B

MD5
5490603b74652be9a226eae452668d86

SHA1
63ced25a15171a560e4e9b1647e3df9e4c0eeb08

SHA256
ddcaffc4c2aa10424e74d4587feed5be8436d5ce515b19699ccc0669210b4ff3

SHA512
b26cb8944bdc28dd78e557f0998c49ca0408eba3f41d09b2fa91944225cdce861ef2e340c15b776321d2cd23a128d41d7a981768c3f1bfac0850d3efe13344ab

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
4a9197ca7d430706cc069238af6e0e1b

SHA1
9c2cc6188534766488b520400a4025c3831855cc

SHA256
127fef2ceb1f890ee585ef7e404892081739cdba54fe7d4b975ab23e1e174817

SHA512
0cea52cdbf4661f77f985bc08797504645c12da5f25f1df8d8cdd85da4fea0cf633c6c7df392b30973e15261cc24ffc87956af5995fadc0c34c8078204107166

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
9844904545cbf010316a6e5e877460b7

SHA1
001b1b73ec800e4e4227a81775597761e531e737

SHA256
debab9145441b0276d1474d1d49e70c653264960cb9eea9adf7844e2ab2c5e78

SHA512
dc4115c6beac0f371b4733e29331d09dc67f642d4a6877bb97f7a023541034f6541aad2969ad756227ee8a0f0b57dbd66d1b873486a6cf354b2962af5dab232a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
93f413795af372908cdb01704f70d26f

SHA1
2576f53795d0cc7b48ee9aa0aa1322ea889929ea

SHA256
aea7358e7a646e3d35f3a0c344d96c804928360c41a1627f02e378302a647a9c

SHA512
d778124eec86641b046025c79155f9b41f2c3698306f284ecc86a2d648ffc41377467a8fd3b2b3d301a069bdaf030074e30351c422fa23034f261dd6961761a3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
180b2d7b5a3caf462173476436decce3

SHA1
1fbf7e920931a9f7d2e08841df41f5485f61b466

SHA256
4f621e9c79035c28de0a44c684569bec769913f8e45ed66be7779ba35941f4d9

SHA512
75de5528b3b78432a6769ed5a203439de3fda896f83919e0be01460829c6f416c8b96887a0428963e7e897e9f29f289bfd6fc7bc37f1d1ca76d7d4565cca59e3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
1KB

MD5
573ad3ce675a38d1c2e633c183bfe7fb

SHA1
45820b08ad8968a954bf6e9848923704965ea9ab

SHA256
911ec3bf19d2fb0387abfdce8d39be7995d00dd2118bc337fc128f65b04b1827

SHA512
03fed0d8f2af16792a9f1d3a744f92961560f05ebd5e2ad320cc8a045dd80a4dae8d3c9f1d6b8293f5087d6068b6224909b646736844b6807ca17b238764f9b6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
77b7b9bdd93c0cfaedb2e37a5a60adb8

SHA1
04df05440ffbdd8f8eef06120b6256dcae514f38

SHA256
75d125319a755b9924d7f562408d8a61ceddae18fd28ae0c888e2321cb22bfb2

SHA512
254e480d5848b91ed833c91b5e4623e7ef612043f3011894e0fe59588f1b335daf54f49c1746155099e19a1d5fe9d95ddaa2737736904bb001b97bf745556fcf

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
3KB

MD5
4db35123d521e4a19561f4e0ad7a6e43

SHA1
a1e7edf6415d6430bc60d4f8990e7c58950465b8

SHA256
efb9bb82cfac90d670dc4b07b3b4c804ee78c05859f14d7aef4bb9f870cf83bf

SHA512
ef715bf0fe364ed6364b5767007dc69a7a9e6be42d1eab3b32705ecef2a54d450e0f2894bd4489429984b06cbac64627acc3e8d473da654247604f7c426dd227

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe5b4860.TMP

Filesize
1KB

MD5
db0839cf8ff58f07427bb7146206d409

SHA1
e2e76bef2a1d20c07401ec86775e83f6a073e1e8

SHA256
217b661039057b9e8cbe007a895fc0998cd0ff1d6074f9046e8ea9fa5265ffe9

SHA512
7a5450e4abae64fcaf0163596fc1ffcd45f5b9ee122ab33b8b9876f15b484644db8ec1b8372cf704efbac766ba4b3f01001ed0333f139fa5180cd31f86cb03ce

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller-RKJ77XY9JT.exe

Filesize
8.4MB

MD5
5a1886265c56e44ea2baa73624468c11

SHA1
f57f18e5e4eb7469a4f70867ba29005468d839ab

SHA256
33d404233e2139e13e26a162a9999576a4fd0667229fd85456cef93fc577c37a

SHA512
972d25531d90de57115c41cc6181923e961caf11f96e4a4822cb6e732cbc799ca071b0f6502e8490d2f1e8a1591e8c3fd33ad2a5582e5bc02fbd01bb1c758669

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller-RKJ77XY9JT.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 109867.crdownload

Filesize
6.3MB

MD5
90fe4ea1323d1b17c90efdc69fa13cf5

SHA1
b92333fd238d9bcf80cfd170251c0ed05ae5edc6

SHA256
0d411f1b891ca8240ee7fb73adcf4c0dff02869b043be19b57a4f5b0257bac32

SHA512
5437c5bbaef5b9b0a785fa6de5489ea5a9e778973840e899544ead2db1c75f876895b63ce2634dd39c4085b959136811ecd7c954b60beee28251c156cd9b45e5

Download Submit
C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi:Zone.Identifier

Filesize
62B

MD5
ab5ae4c6aede1dbf44ae8e0aa7a933dc

SHA1
2279aa17a3fd6f112c74b38b0fe9e9ac0352074e

SHA256
212f021f74e1be6b5ea9dd7d46ede1ffa2d234d7b2486b4cacdb0df4b3588cdf

SHA512
52071cbd2cf8c9f990c42f52087895241d346bf782274c0d4db13f413d1fd6d5b47dc6507224b781a3afb27c69ee4349ea7251d28df0635abdc2a1d6f5382c56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_1327660918\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_1979763855\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_1979763855\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_359222196\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_376754792\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_638480450\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5560_917558322\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.6MB

MD5
94f634eb5ba1712b77d3da625df6ba69

SHA1
245b4ed7fd638f01673a0a04b309574ef5f330e9

SHA256
d8a7a3f284ded38f54bad271e0e289303b9664d7f22f1cf6e0e20681f925452e

SHA512
5c3acf15a4737b1aad15c538bf8535b0d8a1aeedc32946f1f78b502411ee7bca4a2c9ac408945e0e71db3a6ccfc7d4e15ed811f512a82c2506c0e9374909d2a8

Download Submit
\??\Volume{365369b0-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{d40ab66c-b44e-445c-88e5-a26be3ed08fa}_OnDiskSnapshotProp

Filesize
6KB

MD5
d0f16d26ef0f9d8e98da70f2901f48aa

SHA1
d23ca7142e948a6766a01ccf72212a7a8457a991

SHA256
685fc3d2d5ea923294e70ce60bd209ec30ee65d6e32c92ea9c8f99001b1af4dd

SHA512
1f1dd676f8b2f970abc2377d068f427280e685687ce06a08a6f6bc8568f6ef562927303eb44cafb58120390e053fde0e9af746733bade053e32fb41d625290f1

Download Submit
memory/2376-2072-0x00007FF816150000-0x00007FF816151000-memory.dmp

Filesize
4KB

Download
memory/2728-1965-0x00007FF816150000-0x00007FF816151000-memory.dmp

Filesize
4KB

Download
memory/2728-2167-0x000001A3ECD60000-0x000001A3ECD91000-memory.dmp

Filesize
196KB

Download
memory/5760-2354-0x00007FF813DB0000-0x00007FF813DD6000-memory.dmp

Filesize
152KB

Download
memory/5760-2321-0x00007FF813C90000-0x00007FF813CA0000-memory.dmp

Filesize
64KB

Download
memory/5760-2341-0x00007FF8161B0000-0x00007FF8161B9000-memory.dmp

Filesize
36KB

Download
memory/5760-2349-0x00007FF814040000-0x00007FF814060000-memory.dmp

Filesize
128KB

Download
memory/5760-2343-0x00007FF813F00000-0x00007FF813F10000-memory.dmp

Filesize
64KB

Download
memory/5760-2344-0x00007FF813F00000-0x00007FF813F10000-memory.dmp

Filesize
64KB

Download
memory/5760-2345-0x00007FF814010000-0x00007FF814020000-memory.dmp

Filesize
64KB

Download
memory/5760-2339-0x00007FF8161B0000-0x00007FF8161B9000-memory.dmp

Filesize
36KB

Download
memory/5760-2346-0x00007FF814010000-0x00007FF814020000-memory.dmp

Filesize
64KB

Download
memory/5760-2347-0x00007FF814040000-0x00007FF814060000-memory.dmp

Filesize
128KB

Download
memory/5760-2348-0x00007FF814040000-0x00007FF814060000-memory.dmp

Filesize
128KB

Download
memory/5760-2350-0x00007FF814040000-0x00007FF814060000-memory.dmp

Filesize
128KB

Download
memory/5760-2351-0x00007FF814040000-0x00007FF814060000-memory.dmp

Filesize
128KB

Download
memory/5760-2353-0x00007FF813DB0000-0x00007FF813DD6000-memory.dmp

Filesize
152KB

Download
memory/5760-2306-0x00007FF8156F0000-0x00007FF815700000-memory.dmp

Filesize
64KB

Download
memory/5760-2352-0x00007FF813DB0000-0x00007FF813DD6000-memory.dmp

Filesize
152KB

Download
memory/5760-2338-0x00007FF8161B0000-0x00007FF8161B9000-memory.dmp

Filesize
36KB

Download
memory/5760-2337-0x00007FF816190000-0x00007FF8161A0000-memory.dmp

Filesize
64KB

Download
memory/5760-2336-0x00007FF816190000-0x00007FF8161A0000-memory.dmp

Filesize
64KB

Download
memory/5760-2335-0x00007FF816190000-0x00007FF8161A0000-memory.dmp

Filesize
64KB

Download
memory/5760-2342-0x00007FF8161B0000-0x00007FF8161B9000-memory.dmp

Filesize
36KB

Download
memory/5760-2334-0x00007FF816140000-0x00007FF81614D000-memory.dmp

Filesize
52KB

Download
memory/5760-2326-0x00007FF816090000-0x00007FF8160A0000-memory.dmp

Filesize
64KB

Download
memory/5760-2314-0x00007FF8157A0000-0x00007FF8157C0000-memory.dmp

Filesize
128KB

Download
memory/5760-2316-0x00007FF813970000-0x00007FF813980000-memory.dmp

Filesize
64KB

Download
memory/5760-2317-0x00007FF813970000-0x00007FF813980000-memory.dmp

Filesize
64KB

Download
memory/5760-2318-0x00007FF813AE0000-0x00007FF813AF0000-memory.dmp

Filesize
64KB

Download
memory/5760-2319-0x00007FF813AE0000-0x00007FF813AF0000-memory.dmp

Filesize
64KB

Download
memory/5760-2320-0x00007FF813C90000-0x00007FF813CA0000-memory.dmp

Filesize
64KB

Download
memory/5760-2340-0x00007FF8161B0000-0x00007FF8161B9000-memory.dmp

Filesize
36KB

Download
memory/5760-2322-0x00007FF813C90000-0x00007FF813CA0000-memory.dmp

Filesize
64KB

Download
memory/5760-2323-0x00007FF813CB0000-0x00007FF813CC0000-memory.dmp

Filesize
64KB

Download
memory/5760-2324-0x00007FF813CB0000-0x00007FF813CC0000-memory.dmp

Filesize
64KB

Download
memory/5760-2325-0x00007FF813CB0000-0x00007FF813CC0000-memory.dmp

Filesize
64KB

Download
memory/5760-2315-0x00007FF815890000-0x00007FF81589C000-memory.dmp

Filesize
48KB

Download
memory/5760-2302-0x00007FF8165F0000-0x00007FF816620000-memory.dmp

Filesize
192KB

Download
memory/5760-2303-0x00007FF8165F0000-0x00007FF816620000-memory.dmp

Filesize
192KB

Download
memory/5760-2304-0x00007FF8165F0000-0x00007FF816620000-memory.dmp

Filesize
192KB

Download
memory/5760-2305-0x00007FF816680000-0x00007FF816689000-memory.dmp

Filesize
36KB

Download
memory/5760-2301-0x00007FF8165F0000-0x00007FF816620000-memory.dmp

Filesize
192KB

Download
memory/5760-2296-0x00007FF816480000-0x00007FF816490000-memory.dmp

Filesize
64KB

Download
memory/5760-2333-0x00007FF816140000-0x00007FF81614D000-memory.dmp

Filesize
52KB

Download
memory/5760-2332-0x00007FF816140000-0x00007FF81614D000-memory.dmp

Filesize
52KB

Download
memory/5760-2331-0x00007FF816140000-0x00007FF81614D000-memory.dmp

Filesize
52KB

Download
memory/5760-2328-0x00007FF816100000-0x00007FF816110000-memory.dmp

Filesize
64KB

Download
memory/5760-2327-0x00007FF816090000-0x00007FF8160A0000-memory.dmp

Filesize
64KB

Download
memory/5760-2330-0x00007FF816140000-0x00007FF81614D000-memory.dmp

Filesize
52KB

Download
memory/5760-2329-0x00007FF816100000-0x00007FF816110000-memory.dmp

Filesize
64KB

Download
memory/5760-2313-0x00007FF8157A0000-0x00007FF8157C0000-memory.dmp

Filesize
128KB

Download
memory/5760-2312-0x00007FF8157A0000-0x00007FF8157C0000-memory.dmp

Filesize
128KB

Download
memory/5760-2311-0x00007FF8157A0000-0x00007FF8157C0000-memory.dmp

Filesize
128KB

Download
memory/5760-2310-0x00007FF8157A0000-0x00007FF8157C0000-memory.dmp

Filesize
128KB

Download
memory/5760-2309-0x00007FF815780000-0x00007FF815790000-memory.dmp

Filesize
64KB

Download
memory/5760-2308-0x00007FF815780000-0x00007FF815790000-memory.dmp

Filesize
64KB

Download
memory/5760-2307-0x00007FF8156F0000-0x00007FF815700000-memory.dmp

Filesize
64KB

Download
memory/5760-2297-0x00007FF816480000-0x00007FF816490000-memory.dmp

Filesize
64KB

Download
memory/5760-2298-0x00007FF8165A0000-0x00007FF8165B0000-memory.dmp

Filesize
64KB

Download
memory/5760-2299-0x00007FF8165A0000-0x00007FF8165B0000-memory.dmp

Filesize
64KB

Download
memory/5760-2300-0x00007FF8165F0000-0x00007FF816620000-memory.dmp

Filesize
192KB

Download