8577bf17a75c2ed4587d0808072c70817c2e74e9d11d7867cfe1f194e33539b8

Resubmissions

28/03/2025, 18:09

250328-wrzgdszsdx 10

28/03/2025, 18:00

250328-wljhzsy1gx 10

Analysis

max time kernel
254s
max time network
229s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 18:00

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

BootstrapperNew.exe
Size

56.5MB
MD5

fd972ceec822ea5ccbb90f5cfdee4c2e
SHA1

e2e16c9d756d928b074d08066da6cfd562485488
SHA256

8577bf17a75c2ed4587d0808072c70817c2e74e9d11d7867cfe1f194e33539b8
SHA512

c826386a740a900e6d5c8ae0847e9d68edf83b72fea045eece42e1183d9b01e702be8dd6304434fb741d8d74f791187b6c4257e49e512b3fffc04ecf78e16686
SSDEEP

1572864:UtIupuelhsWnPyOkiqOv8im2ARr2mlmPxaYCxBF/2rW:rYDXsuKOknOv8i3K6mUEtTF/2

Score

8^/10

defense_evasion discovery trojan upx

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
88	264	chrome.exe

Executes dropped EXE 4 IoCs

pid	Process
4304	RobloxPlayerInstaller-6RT46J3CW2.exe
3704	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe

Loads dropped DLL 64 IoCs

pid	Process
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe
3308	BootstrapperNew.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller-6RT46J3CW2.exe

Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

pid	Process
3704	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 54 IoCs

pid	Process
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
3704	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000245fa-1213.dat	upx
behavioral2/memory/3308-1217-0x00007FF97CA70000-0x00007FF97D0D5000-memory.dmp	upx
behavioral2/files/0x0007000000024188-1219.dat	upx
behavioral2/memory/3308-1225-0x00007FF98C5D0000-0x00007FF98C5F7000-memory.dmp	upx
behavioral2/files/0x00070000000245a6-1224.dat	upx
behavioral2/files/0x0007000000024186-1227.dat	upx
behavioral2/memory/3308-1228-0x00007FF98CA00000-0x00007FF98CA0F000-memory.dmp	upx
behavioral2/memory/3308-1231-0x00007FF98C5B0000-0x00007FF98C5C9000-memory.dmp	upx
behavioral2/files/0x000700000002418c-1230.dat	upx
behavioral2/memory/3308-1233-0x00007FF98BBE0000-0x00007FF98BC0B000-memory.dmp	upx
behavioral2/files/0x00070000000245a5-1274.dat	upx
behavioral2/files/0x00070000000245ab-1279.dat	upx
behavioral2/files/0x00070000000245aa-1278.dat	upx
behavioral2/files/0x00070000000245a9-1277.dat	upx
behavioral2/memory/3308-1281-0x00007FF97C530000-0x00007FF97CA63000-memory.dmp	upx
behavioral2/memory/3308-1280-0x00007FF988340000-0x00007FF988354000-memory.dmp	upx
behavioral2/memory/3308-1282-0x00007FF988320000-0x00007FF988339000-memory.dmp	upx
behavioral2/memory/3308-1283-0x00007FF98C8C0000-0x00007FF98C8CD000-memory.dmp	upx
behavioral2/files/0x00070000000245a8-1276.dat	upx
behavioral2/memory/3308-1286-0x00007FF97D830000-0x00007FF97D8FE000-memory.dmp	upx
behavioral2/memory/3308-1289-0x00007FF98C580000-0x00007FF98C58B000-memory.dmp	upx
behavioral2/memory/3308-1288-0x00007FF98C680000-0x00007FF98C68D000-memory.dmp	upx
behavioral2/memory/3308-1290-0x00007FF9876A0000-0x00007FF9876C8000-memory.dmp	upx
behavioral2/memory/3308-1292-0x00007FF97D6B0000-0x00007FF97D763000-memory.dmp	upx
behavioral2/memory/3308-1291-0x00007FF98BBE0000-0x00007FF98BC0B000-memory.dmp	upx
behavioral2/memory/3308-1287-0x00007FF98C5D0000-0x00007FF98C5F7000-memory.dmp	upx
behavioral2/memory/3308-1285-0x00007FF987A40000-0x00007FF987A73000-memory.dmp	upx
behavioral2/memory/3308-1284-0x00007FF97CA70000-0x00007FF97D0D5000-memory.dmp	upx
behavioral2/files/0x00070000000245a7-1275.dat	upx
behavioral2/files/0x000700000002459e-1273.dat	upx
behavioral2/memory/3308-1297-0x00007FF987460000-0x00007FF98746B000-memory.dmp	upx
behavioral2/memory/3308-1313-0x00007FF97C530000-0x00007FF97CA63000-memory.dmp	upx
behavioral2/memory/3308-1314-0x00007FF97C4F0000-0x00007FF97C502000-memory.dmp	upx
behavioral2/memory/3308-1312-0x00007FF97C510000-0x00007FF97C526000-memory.dmp	upx
behavioral2/memory/3308-1318-0x00007FF97C480000-0x00007FF97C49B000-memory.dmp	upx
behavioral2/memory/3308-1317-0x00007FF97C4A0000-0x00007FF97C4C2000-memory.dmp	upx
behavioral2/memory/3308-1316-0x00007FF97D830000-0x00007FF97D8FE000-memory.dmp	upx
behavioral2/memory/3308-1315-0x00007FF97C4D0000-0x00007FF97C4E4000-memory.dmp	upx
behavioral2/memory/3308-1311-0x00007FF97D780000-0x00007FF97D78C000-memory.dmp	upx
behavioral2/memory/3308-1310-0x00007FF97D790000-0x00007FF97D7A2000-memory.dmp	upx
behavioral2/memory/3308-1309-0x00007FF97D7B0000-0x00007FF97D7BD000-memory.dmp	upx
behavioral2/memory/3308-1308-0x00007FF97D7C0000-0x00007FF97D7CB000-memory.dmp	upx
behavioral2/memory/3308-1307-0x00007FF97D7D0000-0x00007FF97D7DB000-memory.dmp	upx
behavioral2/memory/3308-1306-0x00007FF97D7E0000-0x00007FF97D7EB000-memory.dmp	upx
behavioral2/memory/3308-1305-0x00007FF97D7F0000-0x00007FF97D7FB000-memory.dmp	upx
behavioral2/memory/3308-1304-0x00007FF97D800000-0x00007FF97D80C000-memory.dmp	upx
behavioral2/memory/3308-1303-0x00007FF97D810000-0x00007FF97D81D000-memory.dmp	upx
behavioral2/memory/3308-1302-0x00007FF97D820000-0x00007FF97D82D000-memory.dmp	upx
behavioral2/memory/3308-1301-0x00007FF983740000-0x00007FF98374C000-memory.dmp	upx
behavioral2/memory/3308-1300-0x00007FF986CE0000-0x00007FF986CEB000-memory.dmp	upx
behavioral2/memory/3308-1299-0x00007FF986F60000-0x00007FF986F6C000-memory.dmp	upx
behavioral2/memory/3308-1298-0x00007FF986F70000-0x00007FF986F7B000-memory.dmp	upx
behavioral2/memory/3308-1296-0x00007FF987A30000-0x00007FF987A3B000-memory.dmp	upx
behavioral2/memory/3308-1295-0x00007FF988170000-0x00007FF98817B000-memory.dmp	upx
behavioral2/memory/3308-1294-0x00007FF988310000-0x00007FF98831F000-memory.dmp	upx
behavioral2/memory/3308-1293-0x00007FF988340000-0x00007FF988354000-memory.dmp	upx
behavioral2/memory/3308-1320-0x00007FF97C3B0000-0x00007FF97C3FD000-memory.dmp	upx
behavioral2/memory/3308-1322-0x00007FF97C390000-0x00007FF97C3A1000-memory.dmp	upx
behavioral2/memory/3308-1321-0x00007FF9876A0000-0x00007FF9876C8000-memory.dmp	upx
behavioral2/memory/3308-1319-0x00007FF97C400000-0x00007FF97C418000-memory.dmp	upx
behavioral2/memory/3308-1323-0x00007FF97C350000-0x00007FF97C382000-memory.dmp	upx
behavioral2/memory/3308-1324-0x00007FF988310000-0x00007FF98831F000-memory.dmp	upx
behavioral2/memory/3308-1325-0x00007FF97BCC0000-0x00007FF97BCDE000-memory.dmp	upx
behavioral2/memory/3308-1326-0x00007FF97BCA0000-0x00007FF97BCB4000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\graphic\gr-profile-border-48x48.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\places\Maquettes.rbxl	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\button_control_end.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\button_control_play.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\LayeredClothingEditor\WorkspaceIcons\Auto-Weight.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\PS4\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Emotes\Editor\TenFoot\Wheel.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\AssetConfig\readyforsale.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TerrainTools\icon_picker_disable.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\InspectMenu\ico_inspect.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\InGameMenu\TouchControls\touch_action_jump.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\ic-view-details20x20.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\families\ComicNeueAngular.json	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\GameSettings\MoreDetails.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioSharedUI\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\InspectMenu\Button_outline.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Scroll\scroll-top.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DevConsole\Warning.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\Animation.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Settings\Radial\TopRightSelected.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ViewSelector\background.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\Gamepad\ControllerSelect.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\SourceSansPro-Regular.ttf	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\families\Kalam.json	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\MenuBar\icon_chat.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\Controls\DesignSystem\ButtonL2.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_25.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\NotoNaskhArabicUI-Regular.ttf	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioSharedUI\list.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Emotes\Editor\TenFoot\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\MicLight\Unmuted0.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_12.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\AvatarExperience\PPEWidgetBackgroundLightTheme.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\PlatformContent\pc\shared_compression_dictionaries\ae285847233c55953d380281ee718a08c0ff4c75b7d8f2559963839ca56ca57a.dict	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\btn_delete.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\button_hierarchy_opened.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\Cursors\Gamepad\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DeveloperStorybook\Embed.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\particles\explosion_color.dds	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TerrainTools\mt_grow.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\dialog_tail.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\img_eventGroupMarker_border_selected.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\RoactStudioWidgets\toggle_disable_light.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\AssetConfig\private.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\xboxY.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VirtualCursor\cursorDefault.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\translateIconDark.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\loading\loadingCircle.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\PlaceAnnotations\AnnotationSingleHighlight.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\PS4\ButtonShare.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_1.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioSharedUI\alert_error_withbg.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\AssetConfig\editlisting.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\xboxA.png	RobloxPlayerInstaller-6RT46J3CW2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\xboxB.png	RobloxPlayerInstaller-6RT46J3CW2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller-6RT46J3CW2.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller-6RT46J3CW2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller-6RT46J3CW2.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
4428	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller-6RT46J3CW2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876585343307358"	chrome.exe

Modifies registry class 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-361fa88592b64089"	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-5a6b6797f4e04078"	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-5a6b6797f4e04078"	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{756E1748-52ED-41CD-9097-E8ADB79C9891}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller-6RT46J3CW2.exe
Key created	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller-6RT46J3CW2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller-6RT46J3CW2.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
4020	chrome.exe
4020	chrome.exe
3704	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe
1340	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3308	BootstrapperNew.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of UnmapMainImage 3 IoCs

pid	Process
3704	RobloxPlayerBeta.exe
4928	RobloxPlayerBeta.exe
2036	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 3308	2092	BootstrapperNew.exe	90
PID 2092 wrote to memory of 3308	2092	BootstrapperNew.exe	90
PID 1332 wrote to memory of 3984	1332	chrome.exe	116
PID 1332 wrote to memory of 3984	1332	chrome.exe	116
PID 1332 wrote to memory of 264	1332	chrome.exe	117
PID 1332 wrote to memory of 264	1332	chrome.exe	117
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 1488	1332	chrome.exe	118
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119
PID 1332 wrote to memory of 4216	1332	chrome.exe	119

C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3308

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5964
- C:\Windows\system32\taskkill.exe
  taskkill /f /im wininit.exe
  2⤵
  - Kills process with taskkill
  PID:4428
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell wininit
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- - C:\Windows\system32\wininit.exe
    "C:\Windows\system32\wininit.exe"
    3⤵
    PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff97cf5dcf8,0x7ff97cf5dd04,0x7ff97cf5dd10
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1604,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2084,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4316,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4340 /prefetch:2
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4660,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4952,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5072,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5832,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5868,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5888,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5848,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3400,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6072,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3264 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3208,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4824,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3160 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4776,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4336,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4408 /prefetch:2
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6220,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6200,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6776,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4468,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3104 /prefetch:8
  2⤵
  PID:5344
- C:\Users\Admin\Downloads\RobloxPlayerInstaller-6RT46J3CW2.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller-6RT46J3CW2.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:4304
- - C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" -personalizedToken 6RT46J3CW2 --deeplink https://www.roblox.com/games/8712817601/BARRYS-PRISON-RUN-OBBY -app -installerLaunchTimeEpochMs 0 -clientLaunchTimeEpochMs 0 -isInstallerLaunch 4304
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5208,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5200,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:vyG3qaleDoeULDVKiKiUz67M3bmZ-aZkgT4KAA68E2UeSWfmgY9g9sM8PhqYuSnLh3M71cLtlYnvT76W_l5H3L4h8qrZlyIIPxEoyYIqrLKfIwZrYBl5cdG19W3NvKZJuBNaeE7XsnTYtDDXqMxZ0K3A2GKUcmFsoK_AOArjX8zwP4DAXUQM9umBuz4VvrKheXvEgAW5xm31womBlDNKujAif4e5OEG5dga5LDMa4N8+launchtime:1743185070977+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1743184929340001%26placeId%3D8712817601%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3D335ef820-3184-4c75-a5f2-b50d70910e4a%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1743184929340001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5116,i,18313052007516541528,7854175999377303074,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  PID:4552

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5652

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.7MB

MD5
a679a17f732d6c4e4799f4c2a5c00b4d

SHA1
79778557030a4ce1f0a31f1d93878c931bc932fa

SHA256
6472c6e314e51269d9455fbeddb982a6af07269420c23fbb09d2fbdbff49dcc5

SHA512
ee1843c3c4be3c1b82629d45432748b2e84c3025a19cf65fb9f80b6ac214a2d1411152a4ae196d5b02fe535bf6aecf2ee2a898f475394cc23815a30d81e679db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b54ff69981198c1d76abf03cdd41e66f

SHA1
a10228e8d1c36b61e44a613ce87ff917fd8507ff

SHA256
0ef12bc6c574ea14d8cdd3fa72d8b13817acbfc39bb7b4f79433a649c57cea79

SHA512
ed54f8e4eddc5771254616e32295fafbd4b5f57b81eeb02e5fbe70a8034062401e828412f751ef36a6685c40de34595221fa869d11608bef3a36d91b6b6384ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
104KB

MD5
51660898d71f1fd6b1292ef72e278f0b

SHA1
509c414d7062871cb6b527459766ada97a3221b9

SHA256
fd6f5e7528d4b1ef3cc937993493fa0de902d71ab933353c62e5451b1c9fd7c2

SHA512
29b49a39459010feba8ef940b0f14c3edb66bad6f00bb358bfbb6b3ba7353afdea193dc653222c2b607f7ca5cb0cb81fab072db6db3c9b833658bb1241ef1c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
43KB

MD5
bfef1c88c7a2462d08b6930531953552

SHA1
6392a0f160eb73330bebd4c324535445e0783231

SHA256
5bb0ddc5e9112db6992a4eb1252b36b666ca8de22aa5d09b1d083794f2acef4b

SHA512
339ddb4c82a5456623c9ec0bf2574b22d7e98f9b2002d5d9616197dbac6a76742e146ec77e8d3aa8caa3c6178125bea0d9ec57324b28dd52e778055a4eee204f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a20e4fe4202a6cb26978eaa03bbcdd1f

SHA1
3dc96860ae9b9c5078379a8165501d1189c7b516

SHA256
a7efbc53c50089040b64786761141377137a3a295a43e6105f56bbe76308b729

SHA512
8221ba313d044395a79c957f02474d19a8121dee775a5535445c8a321ea39dc11cfc31e0c522fa3d69f90199c769b38648dcdce6046d1b7caa25f0613184adf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3e20c259dcc9d78dfeebd0ca814ccb27

SHA1
e43971524bc852b267751204e08c3df801f58f90

SHA256
cecdc420e7c33cd84897e412c69d13b0d1b6e4d350cbb39eec2f74ecbd1dbfc2

SHA512
103d0b6a45248804a434e8343405d86abed8f910a2da8803823e7ba053cd0327d4c5593b15ac0a4fa6a79e50ca43965ab10f347f47ad4b34f0bd02abdb51d2ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
41a47736cdfdc71e565ae0abd6ca1efb

SHA1
f8d3209c5e711001db76036eddfa60688a7115df

SHA256
c1f00137b73329983ce00d26210969f8fc60eaf3b2e60dfe0042c2a7dee12b9e

SHA512
905560f7dd19ffb32e26bdd5ef97d52c33ffe1067c32697ad512e7f41fc355bac79ed4e52fc08f57ed4732b25a14dc83c7e2354a958dc9f46ee04cc7d7984335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG

Filesize
713B

MD5
14fad5a5bccb512936dca3acafd791b9

SHA1
78f7f1527eed303735412ca22c9324e26ed34ef0

SHA256
9d323f2ff644e2920768b71ac46fefb3367a26bcc7c42c9d461e3d49ff43c311

SHA512
7a7b3093f5e3bf98c1af36d52c007b2b877b2fa17f0e5b408b61b154e68f6320270f3c698776c77aa1736e3e9261c7a48747a4ed6886096584209bb04d6018fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
766c7c9735ed5f4be10addf4c904af37

SHA1
fc378366b9aae98b48b4f2c35c80abdbb2f4fb8f

SHA256
8cc17bf5e7522c61831a38aba78c831e4ec802b02164204026626fad3ecbed32

SHA512
6c0942f80ca638b34d37b351769ee5ec4a2cc788cae8ff6dffb8f89e2aaf5c133855ef912fa2432051874a46228c5ba631cd42545f0087fcd4a6047846ff95fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
12457cdee5c4710b0afac26fc6c20921

SHA1
b588c83329fc2c2a0b12e1c057a182561e00a3f8

SHA256
03c2ad8b69e709224b16cc7268d09a1b3a81472c5194b6f18a127188fedffdd4

SHA512
ec59999291efe9ad2bf8d7751582c48c35a1c90ca2200563d614ac1fce67d317d70589628d2081257fbad30dfb0052af127a6e138f92e3a0b7edcb5392f2c59c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
92baf3e24fb08a64a18688ff9da3f08a

SHA1
ce1951e21c7747d04a72aaa78a9a77a4017ff2bf

SHA256
3808eb8756c5f06c455103fd413e026ef8be08dd96c79b1aab40a2522da90f8b

SHA512
1fa782f1332ff007ee783eaf3a1298c3f36aa9493ec7d8c5a0f0f355de55dd2846a259a9e746deff70cf37f1323c5f07b419281e3c18ef0ac785db7a0461c3fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3753c28bf7f0b1e252631020a9c44339

SHA1
ca5669b421b5fbbc56db1f4563b9c7930132d4b2

SHA256
83860dcb8821151551f641577b9b816eddb10f11f6deb849495f285a28ba8c47

SHA512
1bb0b28f6f26d9e120ee3f94e5fa7b84faf763e57fa5af9590812aeda1cf79ca3fb1c3ca1f73faf26f11076f9d9e2931adc20ae4417f1821633afc8d9a85d033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
71ee7746782fa02105361083912f8d3f

SHA1
df6f4af1c2a9a2997c2b3bf810706e500ca52cd8

SHA256
7ecef87f9823212d1291f07494c6bd037677402858221abbab7897185fadfeb7

SHA512
001d597fc68a4ca16d529a874ec40455f09dfa91d20a4be6d12456ab06f6e57234d5d1f5acab4a1ca90e71392026aac4a128e358f32f0581806487dce4a91735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c25b0b303a6a32fc964317642f8aab59

SHA1
3f43a774597da0c2cc6de206aeba8e6d4cbb925e

SHA256
85f848f89cc8ebad790e850e04025442e0fcf0100021e1ad8d3bfaaadba64294

SHA512
d6c2f61f82cc43e95fb0446ad5676de629b40a5c2afd52c530506bf13e6fce36408200941194c9149d5589760d9e46c2c48e47b717da7ce12459d92fcb1a74c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
886173c621ae6df561b89e6c4a9d4a9e

SHA1
1638fd15c3faeabe09653109c7bcf1c842ccf2bc

SHA256
8a8d993732dd83d52ef137ffcb9917986332916cf975807240c04f92153556f0

SHA512
a26fe55b43755bc7be522f7c3cab96d232b56f46b4dae32d243e8721030d62b94d3cfddbe706e2fe74cec6152bf326bc2267d3415c7751e36518356e8c1246ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
35c979902d4754984dd7f6124f59c478

SHA1
51fd663099ac28e56cd6128f5956e26419591ead

SHA256
d9b30e0d9e8760b5ff7d0456a9398ac74071abdc8654f363b7314a5ddf21fc75

SHA512
21ad34ff8438864ff4f10ec969e767ed30dd4def6e6e3bab9705de9b78bd38a2e399b2f98bd1bd49b383058744fd0bbc99565c2e34241ba5456bbb3bd9744aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b274ed719c50b7e0ad92fd592e3d62d9

SHA1
1c73f00f70374b987aa87dca310cf04798ab0fbd

SHA256
006728347efedc354e4bbc4c611b17426a9473a078828ff4d8a5d4e03be588e3

SHA512
283a9eeecc6c39895789406be3f3ffcbf8e56bdd0700d8b9f461cfa36646d38782feb46e4c51158c618db6025a61223bdabaae50e8409c2ecd4e4cc65b3e7c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2a34ddc02b8fa0e93b2c3e5aaad79788

SHA1
2d690fa59887028bdeba4cedd2d868c673d4e9d0

SHA256
6ebc16f69d07aebe4cc139fcb6a82564f0075bd84483812aa828fe88df68c248

SHA512
f10eea9513e64ce59a89f7851edbe5c2ea508ebc601ed156f250c3ddcfb743e32eae414eb477775d910002268a97485e4045c8288a2202f93d9dfec9422aa8ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b2edded16a4f2cc76ae8d5aed36d23bd

SHA1
f486e74b050675b453a8afd4144191250c6dd41e

SHA256
f0fde9172fbe02055440b6040b33281cd4f51292d64d0adc9c92d96dcffe13c9

SHA512
a4519b76a673cd853a126dc1248e2b7efd0083e297e307326fc752e8be59a54f1725507aaf9a858c08fa6351b6cefe482a05ca07a9bea4084a91b3db579f2e31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
262c5ed656f52d2eda1d3a7edfa97446

SHA1
606c2ad0a463c9b8312607f3fbabf0fec3061129

SHA256
029dc3885f9b94e8c79925fbf45c647da2e71a1d7b6287a46f9d4fb698480cd1

SHA512
6ffd215340ac0d412d0c101b4b00bfcfd43e6c0158c31d7326011e5ca6bf3efeec15ab77be72cb76af245378d84a9cdcc43cb4b5428e7055efe9321261597d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
be88cb79ef4b61dc049c6f1d213658b9

SHA1
f1e5dc2212ef58ced12bbc274e0a7132515f772d

SHA256
da3800c4463848322a39c7b6e860fd28b2c681b000b6be6426c35c164041b22e

SHA512
c31abb800e07f07f539857d86ee4ba676b80b120a6faae4cd2bfdcbab3a66cfbda83f35cb9e11e5c2d2a062b7841a532ced4ce8c37bbc938ca5ad6fa557353e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5c746a754e21714e874199e17ba66658

SHA1
6230f13fd9d3608d727fe38e7dbddde35c6a479c

SHA256
d0526eaa182b405ffe78ffbae932f0ed9e741eeb93a8889613294755fcbc73f6

SHA512
b5dee15120caaac5954975c4f4bdb2f208cc4b8fff3b04487e2cf3f37f24d436401af2d211e2ac5f47cb9cdf4ff6e5c3fa70579f398ee1fcb62f15220e0cb482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
3704712f8a5f8554a962d59b2f75eb55

SHA1
5d83d653b0012feeff8e81492705c6edd0e97a47

SHA256
1d7c8cc2327b3bc20957261bbafff1b4fb852eda61adbae7a178c42260f5180e

SHA512
e5d11802cdc1a1b7653a532372434b053c8eb2c7aa5270351843a7c3beefd513fc8245e40d0b9da8b923b7537583390996a19fbe54343d58f5e4e6e451127ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8bc8eb4a27d148534f685675b18e26e1

SHA1
79e381747d00923296a62a9cecf771a71a5bbac0

SHA256
90f80f7c5f10ae5d125c4e103c78488a47b48e85125e5285617163f7501a7d7a

SHA512
4ba695edd5c547b3107c47df16635f458246e0c2d6894bb5b8ab78b2b30c401fc097bcb3118d45e903fa83505276c86b6209a27456b7f46c2bfaa38137adccd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c2ec5305e1483525509f03abfb18e02f

SHA1
196c43d21465b0e90266b0333ecc228b02ba60c1

SHA256
bbd60d946319d43c2fdd06599ea021d4323ebd7da19c4c4cfb3b1c5c60631edb

SHA512
b164bcf310e143e601aa4b6c6b8cf3e4e0b15d87c3c0577455870e1eb56c13dd9156744189976f1e25d6ddfd92755fe0cae86ec33818657bd8fe0b4a7a18b8ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e8f40643544f368b30542b843fddac50

SHA1
28b8cbc3f06e823b8474d1ba2850afa6d3198c5f

SHA256
d57ed8e8e4bec05f86e0b4127838c325a90831d6872a594fd2478ad260321d2e

SHA512
bb3bedf7c2100dfd31239d563a27cf287b948d44b464b6c59623664bd9fc903d838a773724203f4bb0c2815c940cd0e87f8a1b645080b887730a57979231304b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d646.TMP

Filesize
48B

MD5
86e76e69150e9034ca7cc3e2964a348e

SHA1
cb8c2f9cac91143d76a2f0977c76fbf17475cf1f

SHA256
18bde8d97a51ebbb11a4618060daaaa3ea85ea2256c1dc70711492cab942fdbb

SHA512
01735f88efcf9b559535b916009e3122159d45d8212e8d5dc9def55d9df3f35498b5a31d1faf9cfdf6980a982eb77cd3327c67c1ccdc27c362c5e508d7a1f1ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a04c15b8-6dd6-43dc-9558-3ff3480cea65.tmp

Filesize
10KB

MD5
68b23c8459c4853b66a30ec736fe5ce8

SHA1
670953ba8143bbb9554a6f6920d54e24db62b10d

SHA256
45195e06f2485ab190d2938f5068f15d28e81a6356bd197a90234f86193db973

SHA512
56b0d79bf08b154dabf4fd6e7955f80d2938ae70d926d37da3c45c7e453fed97ea38c7c8838244ceb876e63440a5962a2bd5369a32c9fb0956993b5c3b59edd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
1d85e45cc65879ce2eb18df2b6736cc9

SHA1
4e426f25fcc61be85f3c8535c848262e8f7be4fb

SHA256
b8720130e118a522bd2a7ec7cd8c248f3531628eac1718319f0f05cbccd1d87c

SHA512
d4ca1e2d582a43149afa3fadb9752dd6170113ac999b40855c0e2201e97f09cc12877a5bf18ee66dce526d1e4a293efd11e3f7193761ad08ffa2156c7c2958bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
1bb93e698731eab1c4864899a7f240eb

SHA1
d80aaa44ff7a572d208c78fe7957b93ea808561c

SHA256
cd438609917df459b83c0427acde8e25ca380a0fd95fa6d9f41776ee33229a0e

SHA512
8d2765d5d466e289f0663b44533167a73776f9ed4633dd246db416a7338a76c71d4bb466af35190e3db9da491e12389b2ea925dba441de43975253a023e05e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c5407c4cb63c2edf206f2c3b4b5ed655

SHA1
83a4e1fec22fb197843e89fb52945310b46ae78f

SHA256
13e09b0c134670ab9ed54d5a61a7e22e619897d48ba22e2c40db5574605fc251

SHA512
8063c5c5249817f5e7c21b1261257d7caafa86dc57cf078738bf1377cb55233dcaefbd2bdb75fce5813e73ae6ffd35341113a5e6d98c395e0061a743ba3e4434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
605b2012fb92d59604d87acfda9e8ecd

SHA1
b52dde360cb794993916e22f14a6c0a0536881a3

SHA256
d6b376c53330b8595e9612c398ca564316d6691edc101505b9030112e20d2116

SHA512
351a2982c027f02147dbbd6bfe232880481e45875bb6b1e722f2a1e43e0eafd624cfbbb459b59e81d0504f39bef6b0cc62ef608392cf35a84009af8f01aba700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
f7c205a1daa9806d67225cdfa15b9247

SHA1
78017cb854bacb8296f51ef563bbfa0e13a33c29

SHA256
49fd4d191cb92c22f5f7f816a4d5b9525cc536e4e8878b794bb07e54f948d42c

SHA512
286bc76b2c2b2b6e394a70f4d65e3edac266981c41cf2d4e04b5d39c67cdedb5e328fe1e088c541cbcb8f211400ec482c1171aed503ab51ff0770b01937aef8a

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d3ce7ba8150c6b4ed1ad1212fd1c021a

Filesize
7.9MB

MD5
d3ce7ba8150c6b4ed1ad1212fd1c021a

SHA1
703ccb1beb53288f7d6da1294c5fd5a0e6e3a56a

SHA256
327f6d9ac087b0614239a9234981a015b09a108bdc0dd97a2ae72bb1ce6faa5f

SHA512
606d6a8bf1c51247f78b7a2ecff7027b08059814df54f40c461241cc9254d31df08d24f1f0b66570849ad84993baf7dce9c10e02f91071834ab8269e76e8ffa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\_bz2.pyd

Filesize
49KB

MD5
041c3a1ba71868d4daeb6d0906a38b28

SHA1
8aa225f0fc86534c2c6526004afdb5d652717daf

SHA256
025ec23249cb7fec75178b51627fbb57bbe1f55adb294353e22c4ce153801345

SHA512
54e790335fe76505c710b7039bbcb37b25d4325b279e216135b75af9221cc3061b7cf55fab8b3fb5c684af9890c6394bb4a44d7e27a667aefeb5b50144bd7608

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\_ctypes.pyd

Filesize
63KB

MD5
820451c7be66ef544219c74ee35007d0

SHA1
0e3e3cf7659eff9d46072614461e71076d14dd3e

SHA256
90777ea54bda95e8787f539e49a8e56c9228b1059bb4e47935799d55d54cf53e

SHA512
092c741f1081c5e9c5aec87252561e6b30b7513bc0aa93df2ea85d8f50eec7a1918c6a7c09c682175a04e09649129cd7d07cfaa24967295a2a1f893bc080a45a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\_lzma.pyd

Filesize
87KB

MD5
00e041a28fc678b2f474808a57445730

SHA1
bc9978a238ef64de05ab875ef6683668cd1185ba

SHA256
2837e89c9223d5c810c61ed1f866c662189d2543af9a6f75d75e7fb564f32316

SHA512
c71954efff4e29b9c0ac33373062e7c7bbb4e5ad02f75264765e077a1445821a4891e0a50722cd975cc27d489e873f0e1f4cba2e0b24ac75f8601efd8892a4f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
e8b9d74bfd1f6d1cc1d99b24f44da796

SHA1
a312cfc6a7ed7bf1b786e5b3fd842a7eeb683452

SHA256
b1b3fd40ab437a43c8db4994ccffc7f88000cc8bb6e34a2bcbff8e2464930c59

SHA512
b74d9b12b69db81a96fc5a001fd88c1e62ee8299ba435e242c5cb2ce446740ed3d8a623e1924c2bc07bfd9aef7b2577c9ec8264e53e5be625f4379119bafcc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
cfe0c1dfde224ea5fed9bd5ff778a6e0

SHA1
5150e7edd1293e29d2e4d6bb68067374b8a07ce6

SHA256
0d0f80cbf476af5b1c9fd3775e086ed0dfdb510cd0cc208ec1ccb04572396e3e

SHA512
b0e02e1f19cfa7de3693d4d63e404bdb9d15527ac85a6d492db1128bb695bffd11bec33d32f317a7615cb9a820cd14f9f8b182469d65af2430ffcdbad4bd7000

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
33bbece432f8da57f17bf2e396ebaa58

SHA1
890df2dddfdf3eeccc698312d32407f3e2ec7eb1

SHA256
7cf0944901f7f7e0d0b9ad62753fc2fe380461b1cce8cdc7e9c9867c980e3b0e

SHA512
619b684e83546d97fc1d1bc7181ad09c083e880629726ee3af138a9e4791a6dcf675a8df65dc20edbe6465b5f4eac92a64265df37e53a5f34f6be93a5c2a7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
eb0978a9213e7f6fdd63b2967f02d999

SHA1
9833f4134f7ac4766991c918aece900acfbf969f

SHA256
ab25a1fe836fc68bcb199f1fe565c27d26af0c390a38da158e0d8815efe1103e

SHA512
6f268148f959693ee213db7d3db136b8e3ad1f80267d8cbd7d5429c021adaccc9c14424c09d527e181b9c9b5ea41765aff568b9630e4eb83bfc532e56dfe5b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
efad0ee0136532e8e8402770a64c71f9

SHA1
cda3774fe9781400792d8605869f4e6b08153e55

SHA256
3d2c55902385381869db850b526261ddeb4628b83e690a32b67d2e0936b2c6ed

SHA512
69d25edf0f4c8ac5d77cb5815dfb53eac7f403dc8d11bfe336a545c19a19ffde1031fa59019507d119e4570da0d79b95351eac697f46024b4e558a0ff6349852

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
1c58526d681efe507deb8f1935c75487

SHA1
0e6d328faf3563f2aae029bc5f2272fb7a742672

SHA256
ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2

SHA512
8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
e89cdcd4d95cda04e4abba8193a5b492

SHA1
5c0aee81f32d7f9ec9f0650239ee58880c9b0337

SHA256
1a489e0606484bd71a0d9cb37a1dc6ca8437777b3d67bfc8c0075d0cc59e6238

SHA512
55d01e68c8c899e99a3c62c2c36d6bcb1a66ff6ecd2636d2d0157409a1f53a84ce5d6f0c703d5ed47f8e9e2d1c9d2d87cc52585ee624a23d92183062c999b97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
accc640d1b06fb8552fe02f823126ff5

SHA1
82ccc763d62660bfa8b8a09e566120d469f6ab67

SHA256
332ba469ae84aa72ec8cce2b33781db1ab81a42ece5863f7a3cb5a990059594f

SHA512
6382302fb7158fc9f2be790811e5c459c5c441f8caee63df1e09b203b8077a27e023c4c01957b252ac8ac288f8310bcee5b4dcc1f7fc691458b90cdfaa36dcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
c6024cc04201312f7688a021d25b056d

SHA1
48a1d01ae8bc90f889fb5f09c0d2a0602ee4b0fd

SHA256
8751d30df554af08ef42d2faa0a71abcf8c7d17ce9e9ff2ea68a4662603ec500

SHA512
d86c773416b332945acbb95cbe90e16730ef8e16b7f3ccd459d7131485760c2f07e95951aeb47c1cf29de76affeb1c21bdf6d8260845e32205fe8411ed5efa47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
1f2a00e72bc8fa2bd887bdb651ed6de5

SHA1
04d92e41ce002251cc09c297cf2b38c4263709ea

SHA256
9c8a08a7d40b6f697a21054770f1afa9ffb197f90ef1eee77c67751df28b7142

SHA512
8cf72df019f9fc9cd22ff77c37a563652becee0708ff5c6f1da87317f41037909e64dcbdcc43e890c5777e6bcfa4035a27afc1aeeb0f5deba878e3e9aef7b02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
724223109e49cb01d61d63a8be926b8f

SHA1
072a4d01e01dbbab7281d9bd3add76f9a3c8b23b

SHA256
4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210

SHA512
19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
3c38aac78b7ce7f94f4916372800e242

SHA1
c793186bcf8fdb55a1b74568102b4e073f6971d6

SHA256
3f81a149ba3862776af307d5c7feef978f258196f0a1bf909da2d3f440ff954d

SHA512
c2746aa4342c6afffbd174819440e1bbf4371a7fed29738801c75b49e2f4f94fd6d013e002bad2aadafbc477171b8332c8c5579d624684ef1afbfde9384b8588

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
321a3ca50e80795018d55a19bf799197

SHA1
df2d3c95fb4cbb298d255d342f204121d9d7ef7f

SHA256
5476db3a4fecf532f96d48f9802c966fdef98ec8d89978a79540cb4db352c15f

SHA512
3ec20e1ac39a98cb5f726d8390c2ee3cd4cd0bf118fdda7271f7604a4946d78778713b675d19dd3e1ec1d6d4d097abe9cd6d0f76b3a7dff53ce8d6dbc146870a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
0462e22f779295446cd0b63e61142ca5

SHA1
616a325cd5b0971821571b880907ce1b181126ae

SHA256
0b6b598ec28a9e3d646f2bb37e1a57a3dda069a55fba86333727719585b1886e

SHA512
07b34dca6b3078f7d1e8ede5c639f697c71210dcf9f05212fd16eb181ab4ac62286bc4a7ce0d84832c17f5916d0224d1e8aab210ceeff811fc6724c8845a74fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
c3632083b312c184cbdd96551fed5519

SHA1
a93e8e0af42a144009727d2decb337f963a9312e

SHA256
be8d78978d81555554786e08ce474f6af1de96fcb7fa2f1ce4052bc80c6b2125

SHA512
8807c2444a044a3c02ef98cf56013285f07c4a1f7014200a21e20fcb995178ba835c30ac3889311e66bc61641d6226b1ff96331b019c83b6fcc7c87870cce8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
517eb9e2cb671ae49f99173d7f7ce43f

SHA1
4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab

SHA256
57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54

SHA512
492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
f3ff2d544f5cd9e66bfb8d170b661673

SHA1
9e18107cfcd89f1bbb7fdaf65234c1dc8e614add

SHA256
e1c5d8984a674925fa4afbfe58228be5323fe5123abcd17ec4160295875a625f

SHA512
184b09c77d079127580ef80eb34bded0f5e874cefbe1c5f851d86861e38967b995d859e8491fcc87508930dc06c6bbf02b649b3b489a1b138c51a7d4b4e7aaad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
a0c2dbe0f5e18d1add0d1ba22580893b

SHA1
29624df37151905467a223486500ed75617a1dfd

SHA256
3c29730df2b28985a30d9c82092a1faa0ceb7ffc1bd857d1ef6324cf5524802f

SHA512
3e627f111196009380d1687e024e6ffb1c0dcf4dcb27f8940f17fec7efdd8152ff365b43cb7fdb31de300955d6c15e40a2c8fb6650a91706d7ea1c5d89319b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
2666581584ba60d48716420a6080abda

SHA1
c103f0ea32ebbc50f4c494bce7595f2b721cb5ad

SHA256
27e9d3e7c8756e4512932d674a738bf4c2969f834d65b2b79c342a22f662f328

SHA512
befed15f11a0550d2859094cc15526b791dadea12c2e7ceb35916983fb7a100d89d638fb1704975464302fae1e1a37f36e01e4bef5bc4924ab8f3fd41e60bd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
225d9f80f669ce452ca35e47af94893f

SHA1
37bd0ffc8e820247bd4db1c36c3b9f9f686bbd50

SHA256
61c0ebe60ce6ebabcb927ddff837a9bf17e14cd4b4c762ab709e630576ec7232

SHA512
2f71a3471a9868f4d026c01e4258aff7192872590f5e5c66aabd3c088644d28629ba8835f3a4a23825631004b1afd440efe7161bb9fc7d7c69e0ee204813ca7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
1281e9d1750431d2fe3b480a8175d45c

SHA1
bc982d1c750b88dcb4410739e057a86ff02d07ef

SHA256
433bd8ddc4f79aee65ca94a54286d75e7d92b019853a883e51c2b938d2469baa

SHA512
a954e6ce76f1375a8beac51d751b575bbc0b0b8ba6aa793402b26404e45718165199c2c00ccbcba3783c16bdd96f0b2c17addcc619c39c8031becebef428ce77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
fd46c3f6361e79b8616f56b22d935a53

SHA1
107f488ad966633579d8ec5eb1919541f07532ce

SHA256
0dc92e8830bc84337dcae19ef03a84ef5279cf7d4fdc2442c1bc25320369f9df

SHA512
3360b2e2a25d545ccd969f305c4668c6cda443bbdbd8a8356ffe9fbc2f70d90cf4540f2f28c9ed3eea6c9074f94e69746e7705e6254827e6a4f158a75d81065b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
d12403ee11359259ba2b0706e5e5111c

SHA1
03cc7827a30fd1dee38665c0cc993b4b533ac138

SHA256
f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781

SHA512
9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
0f129611a4f1e7752f3671c9aa6ea736

SHA1
40c07a94045b17dae8a02c1d2b49301fad231152

SHA256
2e1f090aba941b9d2d503e4cd735c958df7bb68f1e9bdc3f47692e1571aaac2f

SHA512
6abc0f4878bb302713755a188f662c6fe162ea6267e5e1c497c9ba9fddbdaea4db050e322cb1c77d6638ecf1dad940b9ebc92c43acaa594040ee58d313cbcfae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
d4fba5a92d68916ec17104e09d1d9d12

SHA1
247dbc625b72ffb0bf546b17fb4de10cad38d495

SHA256
93619259328a264287aee7c5b88f7f0ee32425d7323ce5dc5a2ef4fe3bed90d5

SHA512
d5a535f881c09f37e0adf3b58d41e123f527d081a1ebecd9a927664582ae268341771728dc967c30908e502b49f6f853eeaebb56580b947a629edc6bce2340d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
edf71c5c232f5f6ef3849450f2100b54

SHA1
ed46da7d59811b566dd438fa1d09c20f5dc493ce

SHA256
b987ab40cdd950ebe7a9a9176b80b8fffc005ccd370bb1cbbcad078c1a506bdc

SHA512
481a3c8dc5bef793ee78ce85ec0f193e3e9f6cd57868b813965b312bd0fadeb5f4419707cd3004fbdb407652101d52e061ef84317e8bd458979443e9f8e4079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
f9235935dd3ba2aa66d3aa3412accfbf

SHA1
281e548b526411bcb3813eb98462f48ffaf4b3eb

SHA256
2f6bd6c235e044755d5707bd560a6afc0ba712437530f76d11079d67c0cf3200

SHA512
ad0c0a7891fb8328f6f0cf1ddc97523a317d727c15d15498afa53c07610210d2610db4bc9bd25958d47adc1af829ad4d7cf8aabcab3625c783177ccdb7714246

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
5107487b726bdcc7b9f7e4c2ff7f907c

SHA1
ebc46221d3c81a409fab9815c4215ad5da62449c

SHA256
94a86e28e829276974e01f8a15787fde6ed699c8b9dc26f16a51765c86c3eade

SHA512
a0009b80ad6a928580f2b476c1bdf4352b0611bb3a180418f2a42cfa7a03b9f0575ed75ec855d30b26e0cca96a6da8affb54862b6b9aff33710d2f3129283faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
d5d77669bd8d382ec474be0608afd03f

SHA1
1558f5a0f5facc79d3957ff1e72a608766e11a64

SHA256
8dd9218998b4c4c9e8d8b0f8b9611d49419b3c80daa2f437cbf15bcfd4c0b3b8

SHA512
8defa71772105fd9128a669f6ff19b6fe47745a0305beb9a8cadb672ed087077f7538cd56e39329f7daa37797a96469eae7cd5e4cca57c9a183b35bdc44182f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
650435e39d38160abc3973514d6c6640

SHA1
9a5591c29e4d91eaa0f12ad603af05bb49708a2d

SHA256
551a34c400522957063a2d71fa5aba1cd78cc4f61f0ace1cd42cc72118c500c0

SHA512
7b4a8f86d583562956593d27b7ecb695cb24ab7192a94361f994fadba7a488375217755e7ed5071de1d0960f60f255aa305e9dd477c38b7bb70ac545082c9d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
b8f0210c47847fc6ec9fbe2a1ad4debb

SHA1
e99d833ae730be1fedc826bf1569c26f30da0d17

SHA256
1c4a70a73096b64b536be8132ed402bcfb182c01b8a451bff452efe36ddf76e7

SHA512
992d790e18ac7ae33958f53d458d15bff522a3c11a6bd7ee2f784ac16399de8b9f0a7ee896d9f2c96d1e2c8829b2f35ff11fc5d8d1b14c77e22d859a1387797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-process-l1-1-0.dll

Filesize
21KB

MD5
272c0f80fd132e434cdcdd4e184bb1d8

SHA1
5bc8b7260e690b4d4039fe27b48b2cecec39652f

SHA256
bd943767f3e0568e19fb52522217c22b6627b66a3b71cd38dd6653b50662f39d

SHA512
94892a934a92ef1630fbfea956d1fe3a3bfe687dec31092828960968cb321c4ab3af3caf191d4e28c8ca6b8927fbc1ec5d17d5c8a962c848f4373602ec982cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
20c0afa78836b3f0b692c22f12bda70a

SHA1
60bb74615a71bd6b489c500e6e69722f357d283e

SHA256
962d725d089f140482ee9a8ff57f440a513387dd03fdc06b3a28562c8090c0bc

SHA512
65f0e60136ab358661e5156b8ecd135182c8aaefd3ec320abdf9cfc8aeab7b68581890e0bbc56bad858b83d47b7a0143fa791195101dc3e2d78956f591641d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
96498dc4c2c879055a7aff2a1cc2451e

SHA1
fecbc0f854b1adf49ef07beacad3cec9358b4fb2

SHA256
273817a137ee049cbd8e51dc0bb1c7987df7e3bf4968940ee35376f87ef2ef8d

SHA512
4e0b2ef0efe81a8289a447eb48898992692feee4739ceb9d87f5598e449e0059b4e6f4eb19794b9dcdce78c05c8871264797c14e4754fd73280f37ec3ea3c304

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
115e8275eb570b02e72c0c8a156970b3

SHA1
c305868a014d8d7bbef9abbb1c49a70e8511d5a6

SHA256
415025dce5a086dbffc4cf322e8ead55cb45f6d946801f6f5193df044db2f004

SHA512
b97ef7c5203a0105386e4949445350d8ff1c83bdeaee71ccf8dc22f7f6d4f113cb0a9be136717895c36ee8455778549f629bf8d8364109185c0bf28f3cb2b2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
001e60f6bbf255a60a5ea542e6339706

SHA1
f9172ec37921432d5031758d0c644fe78cdb25fa

SHA256
82fba9bc21f77309a649edc8e6fc1900f37e3ffcb45cd61e65e23840c505b945

SHA512
b1a6dc5a34968fbdc8147d8403adf8b800a06771cc9f15613f5ce874c29259a156bab875aae4caaec2117817ce79682a268aa6e037546aeca664cd4eea60adbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
a0776b3a28f7246b4a24ff1b2867bdbf

SHA1
383c9a6afda7c1e855e25055aad00e92f9d6aaff

SHA256
2e554d9bf872a64d2cd0f0eb9d5a06dea78548bc0c7a6f76e0a0c8c069f3c0a9

SHA512
7c9f0f8e53b363ef5b2e56eec95e7b78ec50e9308f34974a287784a1c69c9106f49ea2d9ca037f0a7b3c57620fcbb1c7c372f207c68167df85797affc3d7f3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\base_library.zip

Filesize
1.3MB

MD5
159031bf52a040d7571d9bb561d8f0da

SHA1
837b1afc6fb558a6264b1c604f027b3cf5210ffa

SHA256
5339e36be364c82eff95198409db0f6032a01fe46449f423f58aa4ec2744be6a

SHA512
e40e0828331ade639c40f2ef92b74c141315ed4242bc15a13aa9978ae91ed14eb9f98ce6bdd2454d9094d3c659010aee2f3d707f52e95d91fb228311e9d69a4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\crypto_clipper.json

Filesize
167B

MD5
6f7984b7fffe835d59f387ec567b62ad

SHA1
8eb4ed9ea86bf696ef77cbe0ffeeee76f0b39ee0

SHA256
519fc78e5abcdba889647540ca681f4bcb75ab57624675fc60d60ab0e8e6b1c5

SHA512
51d11368f704920fa5d993a73e3528037b5416213eed5cf1fbbea2817c7c0694518f08a272ad812166e15fcc5223be1bf766e38d3ee23e2528b58500f4c4932a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\libcrypto-3.dll

Filesize
1.6MB

MD5
ecf92d1e849c1a4b89ed9dac0c2d732d

SHA1
bd2dbf194e9c891f27ef5b4521318d3804f76425

SHA256
afc166f8f1906cd75b4de9f7c72e92e36e4282437a02fedadb5ec3145c33c3a1

SHA512
44e3d6b37a11b715efb77c28c1c4fca4c25ba7f663183bcef4ba52e9c5271715f43f7b22b6307c6d8788c1ea4e8b709060b0a711aeae249164ba7bfd1d571f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\python3.DLL

Filesize
70KB

MD5
ad2c4784c3240063eeaa646fd59be62c

SHA1
5efab563725781ab38a511e3f26e0406d5d46e8d

SHA256
c1de4bfe57dc4a5be8c72c865d617dc39dfd8162fcd2ce1fac9f401cf9efb504

SHA512
c964d4289206d099310bd5299f71a32c643311e0e8445e35ae3179772136d0ca9b75f5271eaf31efc75c055cd438799cef836ed87797589629b0e9f247424676

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\python313.dll

Filesize
1.8MB

MD5
13e0653e90a091bde333f7e652ac6f8b

SHA1
130f3271120487b4aac482af56f4de6673aaaeda

SHA256
a89f9220c5afcb81b9a91f00b3bea9ed21ebd2cbae00785cbc2db264d90c862c

SHA512
ad513df8f9a53cb3a8e5bc430a977c4079e7d7547fce43fe29288988ee458ff2ea922eb979582fe4c276e58cd6ef8d771bf6535170554b82c5d54d87caaf5366

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20922\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zzx242bv.xh4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\edg3AD3.tmp

Filesize
28KB

MD5
583a92e3e37000f345e297ccf15e3c08

SHA1
76cee9bd8f27309c4af7aa52824a4d2eddb8f239

SHA256
82b24606ef96c7ee458df1be3e5a1ebc8714af9edeca19ac5b359d33a833eb3c

SHA512
42da33c01d3c7793ceb56f5c8a33f40a61a6ed6dfec437697e999443df5a3b6dbeaf9465bd7f18235c490c01ed87321628bb2bdf8a3eda6377488707d4ff35b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1332_817320498\82a7f957-7ede-431a-8349-bea04ab7097f.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller-6RT46J3CW2.exe

Filesize
7.8MB

MD5
e7859398c10c098e678bd8fd13681f10

SHA1
11b731fc9b78dc9a742b2c06b79015fc911fdfb0

SHA256
e756ce2935d54ce1f9a57d5518bf47659a5eb4aefef72dae5349d8b013ee7f58

SHA512
7a75b55ff6ec09fb777b171e7222a2f3aa58c95d7edd6a60a2bd99010ea95542eeb7ca7e8cc52b93edb0677543d6003fd9b3d08915ee8b8f2b291668c85c4adf

Download Submit
memory/3308-1326-0x00007FF97BCA0000-0x00007FF97BCB4000-memory.dmp

Filesize
80KB

Download
memory/3308-1420-0x00007FF987A30000-0x00007FF987A3B000-memory.dmp

Filesize
44KB

Download
memory/3308-1322-0x00007FF97C390000-0x00007FF97C3A1000-memory.dmp

Filesize
68KB

Download
memory/3308-1321-0x00007FF9876A0000-0x00007FF9876C8000-memory.dmp

Filesize
160KB

Download
memory/3308-1319-0x00007FF97C400000-0x00007FF97C418000-memory.dmp

Filesize
96KB

Download
memory/3308-1323-0x00007FF97C350000-0x00007FF97C382000-memory.dmp

Filesize
200KB

Download
memory/3308-1324-0x00007FF988310000-0x00007FF98831F000-memory.dmp

Filesize
60KB

Download
memory/3308-1325-0x00007FF97BCC0000-0x00007FF97BCDE000-memory.dmp

Filesize
120KB

Download
memory/3308-1293-0x00007FF988340000-0x00007FF988354000-memory.dmp

Filesize
80KB

Download
memory/3308-1327-0x00007FF97BC40000-0x00007FF97BC9D000-memory.dmp

Filesize
372KB

Download
memory/3308-1328-0x00007FF97BAB0000-0x00007FF97BAE8000-memory.dmp

Filesize
224KB

Download
memory/3308-1329-0x00007FF97BA40000-0x00007FF97BA6A000-memory.dmp

Filesize
168KB

Download
memory/3308-1331-0x00007FF97B9E0000-0x00007FF97BA05000-memory.dmp

Filesize
148KB

Download
memory/3308-1330-0x00007FF97BA10000-0x00007FF97BA3F000-memory.dmp

Filesize
188KB

Download
memory/3308-1332-0x00007FF97B860000-0x00007FF97B9DF000-memory.dmp

Filesize
1.5MB

Download
memory/3308-1333-0x00007FF97B4F0000-0x00007FF97B508000-memory.dmp

Filesize
96KB

Download
memory/3308-1335-0x00007FF97B4E0000-0x00007FF97B4EB000-memory.dmp

Filesize
44KB

Download
memory/3308-1351-0x00007FF97B3A0000-0x00007FF97B3D6000-memory.dmp

Filesize
216KB

Download
memory/3308-1350-0x00007FF97B3E0000-0x00007FF97B3EC000-memory.dmp

Filesize
48KB

Download
memory/3308-1349-0x00007FF97B430000-0x00007FF97B43B000-memory.dmp

Filesize
44KB

Download
memory/3308-1348-0x00007FF97B440000-0x00007FF97B44B000-memory.dmp

Filesize
44KB

Download
memory/3308-1347-0x00007FF97B460000-0x00007FF97B46C000-memory.dmp

Filesize
48KB

Download
memory/3308-1346-0x00007FF97B3F0000-0x00007FF97B402000-memory.dmp

Filesize
72KB

Download
memory/3308-1345-0x00007FF97B410000-0x00007FF97B41D000-memory.dmp

Filesize
52KB

Download
memory/3308-1344-0x00007FF97B420000-0x00007FF97B42B000-memory.dmp

Filesize
44KB

Download
memory/3308-1343-0x00007FF97B450000-0x00007FF97B45B000-memory.dmp

Filesize
44KB

Download
memory/3308-1342-0x00007FF97B470000-0x00007FF97B47D000-memory.dmp

Filesize
52KB

Download
memory/3308-1341-0x00007FF97B480000-0x00007FF97B48D000-memory.dmp

Filesize
52KB

Download
memory/3308-1340-0x00007FF97B490000-0x00007FF97B49C000-memory.dmp

Filesize
48KB

Download
memory/3308-1339-0x00007FF97B4A0000-0x00007FF97B4AB000-memory.dmp

Filesize
44KB

Download
memory/3308-1338-0x00007FF97B4B0000-0x00007FF97B4BC000-memory.dmp

Filesize
48KB

Download
memory/3308-1337-0x00007FF97B4C0000-0x00007FF97B4CB000-memory.dmp

Filesize
44KB

Download
memory/3308-1336-0x00007FF97B4D0000-0x00007FF97B4DB000-memory.dmp

Filesize
44KB

Download
memory/3308-1334-0x00007FF97C340000-0x00007FF97C34B000-memory.dmp

Filesize
44KB

Download
memory/3308-1352-0x00007FF97B130000-0x00007FF97B395000-memory.dmp

Filesize
2.4MB

Download
memory/3308-1353-0x00007FF97A930000-0x00007FF97B12E000-memory.dmp

Filesize
8.0MB

Download
memory/3308-1354-0x00007FF97BC40000-0x00007FF97BC9D000-memory.dmp

Filesize
372KB

Download
memory/3308-1355-0x00007FF97A7C0000-0x00007FF97A819000-memory.dmp

Filesize
356KB

Download
memory/3308-1356-0x00007FF97BAB0000-0x00007FF97BAE8000-memory.dmp

Filesize
224KB

Download
memory/3308-1357-0x00007FF97B9E0000-0x00007FF97BA05000-memory.dmp

Filesize
148KB

Download
memory/3308-1358-0x00007FF97B860000-0x00007FF97B9DF000-memory.dmp

Filesize
1.5MB

Download
memory/3308-1368-0x00007FF987A40000-0x00007FF987A73000-memory.dmp

Filesize
204KB

Download
memory/3308-1359-0x00007FF97CA70000-0x00007FF97D0D5000-memory.dmp

Filesize
6.4MB

Download
memory/3308-1360-0x00007FF98C5D0000-0x00007FF98C5F7000-memory.dmp

Filesize
156KB

Download
memory/3308-1401-0x00007FF97B130000-0x00007FF97B395000-memory.dmp

Filesize
2.4MB

Download
memory/3308-1402-0x00007FF97A930000-0x00007FF97B12E000-memory.dmp

Filesize
8.0MB

Download
memory/3308-1412-0x00007FF987A40000-0x00007FF987A73000-memory.dmp

Filesize
204KB

Download
memory/3308-1424-0x00007FF986CE0000-0x00007FF986CEB000-memory.dmp

Filesize
44KB

Download
memory/3308-1450-0x00007FF988340000-0x00007FF988354000-memory.dmp

Filesize
80KB

Download
memory/3308-1449-0x00007FF98BBE0000-0x00007FF98BC0B000-memory.dmp

Filesize
172KB

Download
memory/3308-1448-0x00007FF98C5B0000-0x00007FF98C5C9000-memory.dmp

Filesize
100KB

Download
memory/3308-1447-0x00007FF98CA00000-0x00007FF98CA0F000-memory.dmp

Filesize
60KB

Download
memory/3308-1446-0x00007FF98C5D0000-0x00007FF98C5F7000-memory.dmp

Filesize
156KB

Download
memory/3308-1445-0x00007FF97C530000-0x00007FF97CA63000-memory.dmp

Filesize
5.2MB

Download
memory/3308-1423-0x00007FF986F60000-0x00007FF986F6C000-memory.dmp

Filesize
48KB

Download
memory/3308-1422-0x00007FF986F70000-0x00007FF986F7B000-memory.dmp

Filesize
44KB

Download
memory/3308-1421-0x00007FF987460000-0x00007FF98746B000-memory.dmp

Filesize
44KB

Download
memory/3308-1320-0x00007FF97C3B0000-0x00007FF97C3FD000-memory.dmp

Filesize
308KB

Download
memory/3308-1419-0x00007FF988170000-0x00007FF98817B000-memory.dmp

Filesize
44KB

Download
memory/3308-1418-0x00007FF988310000-0x00007FF98831F000-memory.dmp

Filesize
60KB

Download
memory/3308-1417-0x00007FF97D6B0000-0x00007FF97D763000-memory.dmp

Filesize
716KB

Download
memory/3308-1416-0x00007FF9876A0000-0x00007FF9876C8000-memory.dmp

Filesize
160KB

Download
memory/3308-1415-0x00007FF98C580000-0x00007FF98C58B000-memory.dmp

Filesize
44KB

Download
memory/3308-1414-0x00007FF98C680000-0x00007FF98C68D000-memory.dmp

Filesize
52KB

Download
memory/3308-1413-0x00007FF97D830000-0x00007FF97D8FE000-memory.dmp

Filesize
824KB

Download
memory/3308-1410-0x00007FF988320000-0x00007FF988339000-memory.dmp

Filesize
100KB

Download
memory/3308-1411-0x00007FF98C8C0000-0x00007FF98C8CD000-memory.dmp

Filesize
52KB

Download
memory/3308-1403-0x00007FF97CA70000-0x00007FF97D0D5000-memory.dmp

Filesize
6.4MB

Download
memory/3308-1451-0x00007FF97C3B0000-0x00007FF97C3FD000-memory.dmp

Filesize
308KB

Download
memory/3308-1454-0x00007FF97D820000-0x00007FF97D82D000-memory.dmp

Filesize
52KB

Download
memory/3308-1453-0x00007FF983740000-0x00007FF98374C000-memory.dmp

Filesize
48KB

Download
memory/3308-1452-0x00007FF97B460000-0x00007FF97B46C000-memory.dmp

Filesize
48KB

Download
memory/3308-1294-0x00007FF988310000-0x00007FF98831F000-memory.dmp

Filesize
60KB

Download
memory/3308-1295-0x00007FF988170000-0x00007FF98817B000-memory.dmp

Filesize
44KB

Download
memory/3308-1296-0x00007FF987A30000-0x00007FF987A3B000-memory.dmp

Filesize
44KB

Download
memory/3308-1298-0x00007FF986F70000-0x00007FF986F7B000-memory.dmp

Filesize
44KB

Download
memory/3308-1299-0x00007FF986F60000-0x00007FF986F6C000-memory.dmp

Filesize
48KB

Download
memory/3308-1300-0x00007FF986CE0000-0x00007FF986CEB000-memory.dmp

Filesize
44KB

Download
memory/3308-1301-0x00007FF983740000-0x00007FF98374C000-memory.dmp

Filesize
48KB

Download
memory/3308-1302-0x00007FF97D820000-0x00007FF97D82D000-memory.dmp

Filesize
52KB

Download
memory/3308-1303-0x00007FF97D810000-0x00007FF97D81D000-memory.dmp

Filesize
52KB

Download
memory/3308-1304-0x00007FF97D800000-0x00007FF97D80C000-memory.dmp

Filesize
48KB

Download
memory/3308-1305-0x00007FF97D7F0000-0x00007FF97D7FB000-memory.dmp

Filesize
44KB

Download
memory/3308-1306-0x00007FF97D7E0000-0x00007FF97D7EB000-memory.dmp

Filesize
44KB

Download
memory/3308-1307-0x00007FF97D7D0000-0x00007FF97D7DB000-memory.dmp

Filesize
44KB

Download
memory/3308-1308-0x00007FF97D7C0000-0x00007FF97D7CB000-memory.dmp

Filesize
44KB

Download
memory/3308-1309-0x00007FF97D7B0000-0x00007FF97D7BD000-memory.dmp

Filesize
52KB

Download
memory/3308-1310-0x00007FF97D790000-0x00007FF97D7A2000-memory.dmp

Filesize
72KB

Download
memory/3308-1311-0x00007FF97D780000-0x00007FF97D78C000-memory.dmp

Filesize
48KB

Download
memory/3308-1315-0x00007FF97C4D0000-0x00007FF97C4E4000-memory.dmp

Filesize
80KB

Download
memory/3308-1316-0x00007FF97D830000-0x00007FF97D8FE000-memory.dmp

Filesize
824KB

Download
memory/3308-1317-0x00007FF97C4A0000-0x00007FF97C4C2000-memory.dmp

Filesize
136KB

Download
memory/3308-1318-0x00007FF97C480000-0x00007FF97C49B000-memory.dmp

Filesize
108KB

Download
memory/3308-1312-0x00007FF97C510000-0x00007FF97C526000-memory.dmp

Filesize
88KB

Download
memory/3308-1314-0x00007FF97C4F0000-0x00007FF97C502000-memory.dmp

Filesize
72KB

Download
memory/3308-1313-0x00007FF97C530000-0x00007FF97CA63000-memory.dmp

Filesize
5.2MB

Download
memory/3308-1297-0x00007FF987460000-0x00007FF98746B000-memory.dmp

Filesize
44KB

Download
memory/3308-1284-0x00007FF97CA70000-0x00007FF97D0D5000-memory.dmp

Filesize
6.4MB

Download
memory/3308-1285-0x00007FF987A40000-0x00007FF987A73000-memory.dmp

Filesize
204KB

Download
memory/3308-1287-0x00007FF98C5D0000-0x00007FF98C5F7000-memory.dmp

Filesize
156KB

Download
memory/3308-1291-0x00007FF98BBE0000-0x00007FF98BC0B000-memory.dmp

Filesize
172KB

Download
memory/3308-1292-0x00007FF97D6B0000-0x00007FF97D763000-memory.dmp

Filesize
716KB

Download
memory/3308-1290-0x00007FF9876A0000-0x00007FF9876C8000-memory.dmp

Filesize
160KB

Download
memory/3308-1288-0x00007FF98C680000-0x00007FF98C68D000-memory.dmp

Filesize
52KB

Download
memory/3308-1289-0x00007FF98C580000-0x00007FF98C58B000-memory.dmp

Filesize
44KB

Download
memory/3308-1286-0x00007FF97D830000-0x00007FF97D8FE000-memory.dmp

Filesize
824KB

Download
memory/3308-1283-0x00007FF98C8C0000-0x00007FF98C8CD000-memory.dmp

Filesize
52KB

Download
memory/3308-1282-0x00007FF988320000-0x00007FF988339000-memory.dmp

Filesize
100KB

Download
memory/3308-1280-0x00007FF988340000-0x00007FF988354000-memory.dmp

Filesize
80KB

Download
memory/3308-1281-0x00007FF97C530000-0x00007FF97CA63000-memory.dmp

Filesize
5.2MB

Download
memory/3308-1233-0x00007FF98BBE0000-0x00007FF98BC0B000-memory.dmp

Filesize
172KB

Download
memory/3308-1231-0x00007FF98C5B0000-0x00007FF98C5C9000-memory.dmp

Filesize
100KB

Download
memory/3308-1228-0x00007FF98CA00000-0x00007FF98CA0F000-memory.dmp

Filesize
60KB

Download
memory/3308-1225-0x00007FF98C5D0000-0x00007FF98C5F7000-memory.dmp

Filesize
156KB

Download
memory/3308-1217-0x00007FF97CA70000-0x00007FF97D0D5000-memory.dmp

Filesize
6.4MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads