f304e8d349cd81cb5d7dfe4954d04a0ae13376104ba52b24d7d662cd13ed8918

Analysis

max time kernel
1049s
max time network
1052s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

indexsubtitle.txt
Size

40B
MD5

9999e2a05c15cc97d4867567225ffd37
SHA1

aa0ba425bf0d559c38788ba284488a6c0c0fd831
SHA256

f304e8d349cd81cb5d7dfe4954d04a0ae13376104ba52b24d7d662cd13ed8918
SHA512

13dae52713df1de587fd776e793866f5c5d0b43fe467f96e53f887f77d7bdf7ec0d5f40c76bbbe6c8c05bc2723471940e272a71e2143d4d66e31a7fd7c26bad8

Score

8^/10

steam defense_evasion discovery phishing trojan

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
142	4984	chrome.exe
384	4984	chrome.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Bloxstrap-v2.9.0.exe

Executes dropped EXE 13 IoCs

pid	Process
4000	RobloxPlayerInstaller-MRT34KVJGC.exe
1756	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
396	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
5796	RobloxPlayerBeta.exe
2952	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5856	Bloxstrap-v2.9.0.exe
2160	RobloxPlayerBeta.exe
4716	RobloxPlayerBeta.exe

Loads dropped DLL 22 IoCs

pid	Process
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
396	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
396	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
5796	RobloxPlayerBeta.exe
5796	RobloxPlayerBeta.exe
2952	RobloxPlayerBeta.exe
2952	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
2160	RobloxPlayerBeta.exe
2160	RobloxPlayerBeta.exe
4716	RobloxPlayerBeta.exe
4716	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller-MRT34KVJGC.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
355	camo.githubusercontent.com
356	camo.githubusercontent.com
357	camo.githubusercontent.com
358	camo.githubusercontent.com
359	raw.githubusercontent.com
160	camo.githubusercontent.com
353	camo.githubusercontent.com
354	camo.githubusercontent.com

Detected potential entity reuse from brand STEAM. 2 IoCs

phishing steam

flow	pid	Process
430	4984	chrome.exe
445	4984	chrome.exe

Suspicious use of NtCreateThreadExHideFromDebugger 11 IoCs

pid	Process
1756	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
396	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
5796	RobloxPlayerBeta.exe
2952	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
2160	RobloxPlayerBeta.exe
4716	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DevConsole\Close.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\MenuBar\divider.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\MicDark\Unmuted0.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\InGameMenu\TouchControls\jump_button.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\ExternalSite\twitter.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\icons\ic-profile.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChatV2\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\button_control_previous.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Emotes\TenFoot\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\MicLight\Unmuted20.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\button_hierarchy_opened.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TerrainEditor\arctic.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ArrowCursor.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\MicDark\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\avatar\unification\CollisionHead.rbxm	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\configs\UniversalAppPatchConfig\UniversalAppPatchConfig.json	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\img_dark_scalebar_bar.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\models\InExperience\InExperience.rbxm	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\InGameMenu\TouchControls\move_area_portrait.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioSharedUI\ScrollBarMiddle.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Keyboard\close_button_background.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\MaterialManager\Texture_None.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\MenuBar\arrow_down.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\InGameMenu\TouchControls\backpack_slots.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\R15Migrator\ic-blue-arrow.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\XboxController\ButtonY.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\NotoSansGeorgian-Regular.ttf	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\graphic\light_bg.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DeveloperFramework\StudioTheme\search_12.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DeveloperStorybook\Story.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioSharedUI\MeatballMenu.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TerrainTools\import_toggleOff_dark.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\icon_warning_ik.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\LegacyRbxGui\scroll.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\sounds\ouch.ogg	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\LegacyRbxGui\health_greenBar.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VR\button.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\InGameMenu\game_tiles_background_desktop.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\image_keyframe_linear_selected.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\loading\darkLoadingTexture.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\period.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Settings\MenuBarIcons\PlayersTabIcon.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioSharedUI\videos.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TerrainTools\mtrl_salt.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\backspace.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\XboxController\ButtonLB.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\RedSpeakerLight\Unmuted60.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\avatar\meshes\torso.mesh	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TerrainTools\mt_generate.png	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller-MRT34KVJGC.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\mouseLock_off.png	RobloxPlayerInstaller-MRT34KVJGC.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller-MRT34KVJGC.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller-MRT34KVJGC.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller-MRT34KVJGC.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller-MRT34KVJGC.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879513966297801"	chrome.exe

Modifies registry class 53 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-5a6b6797f4e04078"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox\ = "URL: Roblox Protocol"	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player\DefaultIcon	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" -player \"%1\""	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-5a6b6797f4e04078"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox\shell\open	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player\shell\open\command	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player\shell\open	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-361fa88592b64089"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" -player \"%1\""	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox\DefaultIcon	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox\shell	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox\URL Protocol	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-MRT34KVJGC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerInstaller-MRT34KVJGC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox\shell\open\command	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player\shell	Bloxstrap-v2.9.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\roblox-player\URL Protocol	Bloxstrap-v2.9.0.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{01ECCAB0-AE26-4ACF-A17C-C6B7C2D22B76}	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2804	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
5496	chrome.exe
5496	chrome.exe
1756	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
396	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
5796	RobloxPlayerBeta.exe
2952	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5856	Bloxstrap-v2.9.0.exe
5856	Bloxstrap-v2.9.0.exe
5856	Bloxstrap-v2.9.0.exe
5856	Bloxstrap-v2.9.0.exe
2160	RobloxPlayerBeta.exe
4716	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
5856	Bloxstrap-v2.9.0.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of UnmapMainImage 11 IoCs

pid	Process
1756	RobloxPlayerBeta.exe
512	RobloxPlayerBeta.exe
5092	RobloxPlayerBeta.exe
5128	RobloxPlayerBeta.exe
396	RobloxPlayerBeta.exe
1756	RobloxPlayerBeta.exe
5796	RobloxPlayerBeta.exe
2952	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
2160	RobloxPlayerBeta.exe
4716	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 4164	3644	chrome.exe	118
PID 3644 wrote to memory of 4164	3644	chrome.exe	118
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4548	3644	chrome.exe	119
PID 3644 wrote to memory of 4984	3644	chrome.exe	120
PID 3644 wrote to memory of 4984	3644	chrome.exe	120
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121
PID 3644 wrote to memory of 3592	3644	chrome.exe	121

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\indexsubtitle.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd2ed0dcf8,0x7ffd2ed0dd04,0x7ffd2ed0dd10
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2072,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1576,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Detected potential entity reuse from brand STEAM.
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2400,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3908,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4444 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4672,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5508,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5428,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5636,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5644,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5568,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5620,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3360,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3244,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3212 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3220,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4536 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3416,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4500,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3968,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5840,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5948,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6108,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4372 /prefetch:8
  2⤵
  PID:2272
- C:\Users\Admin\Downloads\RobloxPlayerInstaller-MRT34KVJGC.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller-MRT34KVJGC.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:4000
- - C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" -personalizedToken MRT34KVJGC --deeplink https://www.roblox.com/games/116495829188952/Dead-Rails-Alpha -app -installerLaunchTimeEpochMs 0 -clientLaunchTimeEpochMs 0 -isInstallerLaunch 4000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6508,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3692,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6936,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7064,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6576,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7336,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7512,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7292,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7460 /prefetch:8
  2⤵
  PID:5076
- C:\Users\Admin\Downloads\Bloxstrap-v2.9.0.exe
  "C:\Users\Admin\Downloads\Bloxstrap-v2.9.0.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:5856
- - C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
    "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5540,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7312,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7864,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7880 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7192,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7692,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8048,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7568,i,10181458493176317583,5254125653327856773,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7620 /prefetch:1
  2⤵
  PID:5460

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4456

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:512

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5092

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5128

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:396

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1756

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5796

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2952

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd2ed0dcf8,0x7ffd2ed0dd04,0x7ffd2ed0dd10
  2⤵
  PID:4080

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd2ed0dcf8,0x7ffd2ed0dd04,0x7ffd2ed0dd10
  2⤵
  PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd2ed0dcf8,0x7ffd2ed0dd04,0x7ffd2ed0dd10
  2⤵
  PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.7MB

MD5
a679a17f732d6c4e4799f4c2a5c00b4d

SHA1
79778557030a4ce1f0a31f1d93878c931bc932fa

SHA256
6472c6e314e51269d9455fbeddb982a6af07269420c23fbb09d2fbdbff49dcc5

SHA512
ee1843c3c4be3c1b82629d45432748b2e84c3025a19cf65fb9f80b6ac214a2d1411152a4ae196d5b02fe535bf6aecf2ee2a898f475394cc23815a30d81e679db

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.dll

Filesize
14.9MB

MD5
708a873f0b36b02b8e92f738d414b918

SHA1
4ca5646a00859ca875b93ab0b111265684a74c74

SHA256
485c0ed2fbbf74c7b18d95e4800da48f2bc90a030551ca21cb2060bf092e1679

SHA512
01af8f6e0cc2586382acaab92c094bbf9b6d735c0a1a9f2bed678e700026209331bc77d3541f6db462e5daf8846dc2f5779361dd7082ed17845386d177cb6a3d

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\WebView2Loader.dll

Filesize
154KB

MD5
577f05cd683ed0577f6c970ea57129e0

SHA1
aedf54a8976f0f8ff5588447c344595e3c468925

SHA256
7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf

SHA512
2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
da7f47b4cf9038b38109538ab8dff665

SHA1
6649d2e72f37cd3e5f9a77c901c22cc0d5cb1a4f

SHA256
8da66a7b8a67293020903af9ccb96057dfb2dc2dd6acb8e22640752181cd143f

SHA512
4cead15c1f649eadae9f21f976b8fe5d97c8403ac7b0cb8526f0968c06d6ab702757a7a303d7f3c75a28657c38eead749f34ad448439fd29b74cd6c5148297ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ee09a789ff689a0ee1fa247010481ea9

SHA1
770ac4e8f4b427e6308f413a79ac9a49dbf16179

SHA256
d9f7b88ae21c6d9c46eed5fb336b03e0091aa9e27b7c21b459a5940eefae24cf

SHA512
d91c6f2e8e4c6c6209a5e9cb9c45cc56708cf57bdb7efef3c928df8984ce23bdbca71839f0672360ad004f3e7cd6fb550ee1f9420600e5d6ef8e654c0a4abf8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
63KB

MD5
1901d2bcbbabee4bbb9804c30642ae2b

SHA1
f31774bc12614be681c0b0c7de3ac128f0e932db

SHA256
15eba349e5829f11363614b8f3dd9c3d04994586601d3c4c4d8069e0f5655310

SHA512
bdb94d7d8cf47b239c61559545b1dd26e05da909fec05d215471388545879cd8ec9e1fea51c04ed43927e2b07b5b80a74f09eb9038c8d9045e4161ea69df215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
72KB

MD5
7b85ce6d64312e6f0d8f712897a45a66

SHA1
431224de66f74e70ae5b37a67260b795352861eb

SHA256
03a79fc56e2b58121ca2fe5938be882582ca7c26cc4208ebf777de6220f59fe1

SHA512
b22d7680c82a5a45d0094dc16b0983ff59c5e3e0567d2854be14cde6a56af63729a1c4e041223fe26569e92961c49a80d603136e88d60f8f7b78ca1999b4fb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
413KB

MD5
b4bcebc0eb3b63d963ee10a3b8534cb3

SHA1
40e7acf80cd514cc5216199d52b08a8a88e27e3b

SHA256
e9bcdc508a814b7810188fe31789b47303d09696f43df50daa11022218be37a5

SHA512
ed976434b89bea9d5c6a3d2e4e476c8616d8977dfb289b5ee8b31bae2b725e1d280fc1eb3fe63b0470072f88049dc69a8208b5bb2b7306a95fb107d32a69589e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
101KB

MD5
346ff7657171b90f2030a7abbcfcd2f7

SHA1
b7ec847176d5f068a3274e2e07f9e5c19e9dc6f2

SHA256
6ddefbfd37965861169cd21fe3aac1a36f4f4e4d4da6ab70a8f8533a0bab969f

SHA512
dd5bdb34d9868180d8ea7127b61c2ebf424b33e7fc198a03315b1c18a8afa159ffd1ffd376de94fbef5ca42f25c9eed3c04e96ee7f9e0e7e76e7856aa02d60ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
228KB

MD5
d954b3ad7a6c0422512254397ebebd3d

SHA1
0e58374a39cec398d027f68bc520bbde846b3cce

SHA256
ad79dd23afdbc3d4cfae8047baac7dcb5d247659cb762a49b46329d93dcc2aef

SHA512
ad996f7bbd4d43eebd4b5c1145ca2aad83563e9ca2cd9243cc203f30f4d9a537388b4e227974b5df624dbd2b876dff6b0c9b2ac4f3f909728fdb4f3eacfc3fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
203KB

MD5
bfce70d691a04321c406d094d46749a7

SHA1
922b5c2079375f93d6b826cf08c4f1887e5fb340

SHA256
33a1244498e6329ee5a2b74dff27696120887975d5508e70e7501496d0a3c47c

SHA512
632aaea3829b26ffea9a48fb9493750df83b63a55038265da07dd601822bbb9a40bda04b942794d7ae599cf77096b2ab9938a75e100cdab529267f60e1aaef77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
320KB

MD5
12ad3edcd307bf8981d60d25fd32a3d4

SHA1
35efed2c8ca2fc18565a0fc0282b6847d991f98e

SHA256
7627a081fcb0d37c61a8be25bada732b50330a7a7145bdd380fc31350b31ffc8

SHA512
4fcfdb7762462e50c3ebe75c9666aec37de0faaa791d7ee6efbd4a9215378add8683674acf08e7c913216c4e102b1b5a03be48cca68f6983059af1e9118b65ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
105KB

MD5
da7fcae4308766368611b35916374158

SHA1
05a209260fd46aa423fc8dc987f4b1730efd82af

SHA256
6caaf6eb26118dd3e9fec44d6c8aa9158817d6599a15dc4d8329aac4bc9dad19

SHA512
c4d3c326b530f2f8fbc2367fadd36a3960435c7b00113a211cd001f3d9f4ac08fc58e8f26063869c37f425abcc8a7e68343ed9b96a90471aaf72658555173b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00012f

Filesize
43KB

MD5
bfef1c88c7a2462d08b6930531953552

SHA1
6392a0f160eb73330bebd4c324535445e0783231

SHA256
5bb0ddc5e9112db6992a4eb1252b36b666ca8de22aa5d09b1d083794f2acef4b

SHA512
339ddb4c82a5456623c9ec0bf2574b22d7e98f9b2002d5d9616197dbac6a76742e146ec77e8d3aa8caa3c6178125bea0d9ec57324b28dd52e778055a4eee204f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00013e

Filesize
75KB

MD5
888179a4130602dd18d112f671528faa

SHA1
c7b1567b886d5e42b57979c1258cb8b525ea39f8

SHA256
b81d86071b407f66210f9a558cce7957ff55529fbea813d9f05b195c411c9a3d

SHA512
a1b58ac07f5ec6919bf7078dcdc33625be1278f5d5413ed16e78fcdef1915e46ed9af8ea43e15cbe0211c8245fde7f9aa34bba5eef127b136e08a9a8db2f9d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
aa86c722ae80a2f089731b7414df7f13

SHA1
8929f8c59a598a84001a2b50207047ede53b3a42

SHA256
f3cb73dbc580f2d819bc28a1ff16d0cd345a8ca450afff0dc282c852107c8616

SHA512
4198a4cc706615d8b8d046ab48d2c55ac4dc290c9ad7ab94895e180149620fd19ab64fc19b36864f9c38b7f4a3663bf997ff085f9c89560626838f9c7949d0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
39a15563d7ea114ce4d2b021b6ac65d4

SHA1
43dedff74583860e2540a3287a1d4b7a11517a4d

SHA256
c04c5445be16b6d88db12a37c0a80a202a96d7f009ba29de295851f34359bc52

SHA512
9234bc1113e30fd456f378418eaa5e10ea9e9eba61544e119ad3e74a7e0d2f7e15c515bc55efcaa3750c70b294a6b2bb112e2ca7427e7c1363a11dda656d6f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
e3d6a6c9367e37d582c65d75b3a50528

SHA1
0e1d114f7951a30e23292e28268b6eeb87b7d2d5

SHA256
2e9885af74776db1440534d11e73ca4e76732ac41ccf90e1e396d2f1f92661bd

SHA512
9ae3e0e7eb9d17228ddfd1f3f9535c48f5f520bc64e6e54793de30e4d52e3e5b7bfbb1de03a52356293da227da1f8f50786484edeaef25a1b5ee496de3c92222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b40e52a30d3c975d3e320aeb9b49cac4

SHA1
2eb19f61c3f37aad6911b7516218a09b3b6d3634

SHA256
c94d21cd74950cf992563aee7fd8040580147f6f591edcf5d77b883254a96f21

SHA512
bfed4623f73f65f47906894913a007fd26b2c712ab305def57757c38430e987907695d49448d0b2af954351e0d2e66d8c354468170ce0f62a2d816d2a711d9bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
fdc82ef9b21219b64736b5e90a05ea19

SHA1
774e44d50406a223fd975a357e479122accab22a

SHA256
a3a53fd0562ebf0c5c4b40c2c9eb448c44dd6f3b207234c22fb0126898244220

SHA512
8eb6a1c209b83f0f73044fe93b6b012d8a7952ae1108e9986a0f7f0644d0852b5424f27202d8024dfae1f5a72d10a23d19d3233387011942da0a5d6b1835a6f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
36f5e12a1a9a9e880fc683b92fda1d52

SHA1
8cfc0b5e9502787ed7021e39a4ad65ccd69b3c56

SHA256
cffcd0c15e3d6a6ed60c6360f79e2dfcd30cbea6e49a361b5eb1975f48cc5984

SHA512
200bf08ef65520159320cd00fec0259276512fc9fc3b72439450cd2b099e35363143e6e18725bc5ecfe999e50d410ccce47e2d452702817b4a6a1827fb5e3e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
d3b27a99c7dcfc29779327cb208790be

SHA1
b2a83ac4bfb4400a42b7b84b9b9b75505ced14a5

SHA256
b6a401b04c39aefec173b9dc1c216b0da8f6dfd86e9a2b0c0b7ccde8a36bb8e8

SHA512
95921669d433713b7765eb7179c8ec2be0be25c3456e41aab9528fbad75531db90bc902a90cccc341049884877f44af40b37a06e85cbefbd749179d7546cf01d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG

Filesize
716B

MD5
bea53a85a01054454c625d927bccadef

SHA1
c6f63e8946722e82e23df6dda44979316dc73be4

SHA256
a989a8f29e1c3b61f51bb7850366afdc12e037b0db20e6c11599d2a31090bacb

SHA512
da0f1d49f24d56533d8b808b46b63045dae07babe4960aba52fce85474a511ff6790c6e1f3c6493431ebbebdc6a12adf99e92752bf1767fe18b83fd9e08933d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
e5e1ebe8b6bd4de7f1d4ff822db3c42a

SHA1
e7d6fdc03e07103ba49a6e8d556ab894a451fbdf

SHA256
7ac41ca38ac761548aad689ba004b6bf6268728384beb2b0fd646075334b55c1

SHA512
bd44ae75dc10e06a8cf6f0a11b25cd5d14e021de206dbe9012d630dc0f93c549f1bac7948528c41dec03d1574dceba6529f5eaf284205a2df3649d5248610422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
2cbc7da0ea654b322607c5a7d64c7345

SHA1
0637448b4513c9c5b979d37d9af3dcc7162186b9

SHA256
2e01202e7892647e7b160f0b0c160d0ba115f6aa502d282ab354ca6d6461168f

SHA512
1acc7b7abaec48ae8cad955001180e795b1d06ec9f91c18babcfefac28c9d5073cad45433869823728e8cb306dd65b654de335ad3cb7ef5dd0c88d3e4101a61c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
0b74f1c66c291990f6bd67ca7a4a24ae

SHA1
53b7fb9d0ce40e12896ae06c81f169f53bcad2cf

SHA256
881b51e361c90d93becdbedfe3461d1105dd45d21fc4df7109a0b0bfb0d34879

SHA512
17d61f09bf042688ecdfbc723de32f77a00190614014f9f0624e746d4255669424ac1ffe0d4df09edca7234dfa7300ce603e24c3f9b1c20055b8e64fe9bead30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c9040f330b5bdbc4e1d5834601e9f610

SHA1
3761ad9cd2029efc1fe5782ee4be63467c7fbde6

SHA256
3632fc6b22da2317d394b4977a1546d05a46fcb6967fbc8fa77872f65e871cbf

SHA512
a6ac8b5e6b66cf10f24e3cddac139bdfc0e48e87bdcb4ce619cf48309599dd56ddaf4574f56106250476fe5ec66e32f4b2f2ba5393162b9b062f2c53942204c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d7ad60eac127f5b404d9dde349d95964

SHA1
3cae8bc6830be2fc065380fd8d8be296fdcd61d2

SHA256
43c95d2711f059027a783af4b9aa91506fb6eab4117573bd2bfc2bb0ae8eea2e

SHA512
baee34a3624ff10e6c89ccd316d858644c37854cc62cc6c5abb32c96fcea544f4ca8f30e1f7996c0cf913e588936da6fbc1a660284ad0cfd895b957346b3e6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
5a75a68c2bda6db46e0c4f53508eeec8

SHA1
5c4429cc8d3006fed3c3497a61cc75625cf8e538

SHA256
ed68904fdeec85675d3f0fa8ff39e093f2c8a0558d5167663769f80c7dfcd85d

SHA512
efcdf5900809be711975a4e5c1dabfc84dbfe7a6e1e45490267fa007da3be624b22ef14aa8a78b61f45d65bca62560ff328712bb6bee11f892239cea95ec5bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
519dd133ef4b6c43c628e963d33ace28

SHA1
1fac704c88e9f30c184f815e4043d92e27b70e2f

SHA256
5010663772403cbd1258afc73c059a0d72826af1ba257bc8f69ac9be6db98ab4

SHA512
c9f5d28024848a5917bbbba78d7d7814ee17a0deaa836790cc6dfd9531c9ade3b6ccf33d9c71dc5ed97d6688c93f3cb7865818fc2365767c53563c707cd87b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
876401323c0127ece0e76c356cf9fab2

SHA1
c958703649e4752c0b0d4850e499246a0aef17dc

SHA256
18ea4352a872f28f7ef07da76cd35294eed2e63b7f96c2950dca49b90c47c44a

SHA512
64b52db117f42a225198bd49445765eac43de4348a0c37e239be8d9672ede467220acbbf78e3a5e91d0d3059780b8a443dbe394292199472834968b36fe00e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e09958c664435fadd20cef355ae82112

SHA1
cc2c16de60eaf60bd90fe8f0db42c3b79ad2a1ca

SHA256
587d9823d837f8f71af01ffb6536ced7dc10d7b88dae46c9d4fed5f530dba75c

SHA512
21aa25b60e81b0f3890a767c47778a948e27a660895cb3d299489b318dce39bf69d2e589a8b518734e558c9b6d3e4725b06df5cab10c7aacc5dedcf2b52d4123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b30fd24083926d7e2ae4e989610f79cf

SHA1
d84378519b694b5cd6e53843b374d460988f02ec

SHA256
709fa3e8ea94d76a9035bdb0562ffb01ae2134974fd3ba5e4873a4b49f65d5cc

SHA512
311c2f9c1df7d6b32d2a560f4392095bf500d70a429153c4dc5493c22adc5fcd35f70d0d1b25f419a79ddb9b9e0fbd4c8b719cb45b5458c7921b564622156e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e1c1380b516f43a417eb8423de4a710

SHA1
88a2896bc39ffd3fda0f8dfd4896a9efd0b62dd7

SHA256
521605df3cb2d129b4ad6b494d66b8eaf4633b8a76e042468dc7fa9bb46fbd64

SHA512
2e5669be4dcdfe0f872f3eb50cdbe7f59fa9b04794d46e130fff38a1cb9f693fcce0bd208dfbee5c075bd1155b399f8a5c1ef41254427164e310bf2688a8d38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
719791f97aef21a0d1a7937c41daeb39

SHA1
d165669c03fa9b39b03697ce49a0c02f6bb83f11

SHA256
f34aad3aad87875f827e29abe620070b8dfa3b1cbd857752f965d686f6b4e117

SHA512
90a10ea3242b2197a484677a3eec2cca3ae005930425e86bb4c9cc2b1b0e264ff706266cbba588d06230412c9709079a3b1c62a4bf80895a3c15ec033350cc9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
832315acf553a4f44483d6a0601434d1

SHA1
e465cdd75a3cc69b3d111ccfa982546a04de246c

SHA256
b718ff06c82d0155f38f41f8f418e8bb1f54ba2759dfd685593ba9e5681b11dc

SHA512
551d8150c556658b5835add5e37c6509613f61d70aefa756ed802b2f0baf00d493eca3800e4578c9bc1bcda907f64e14ebca49df6b25ecb40da4f66b2c064b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5fcbb4a2bd215a14b064927d42436f2a

SHA1
d36bb9d47e00bf9f2a2b0c40146cc63ab71141c3

SHA256
38470dc562f05997a52fce0a6a2e866d9defd0ef0ebab7c6f5c3ae4886aac988

SHA512
70db1e7a2981436dba3ba4209128b9878adc9ba4310aedb93bc8ec5a9daf6fe9c3685de5001a8082b41b4e05ffd8c5a4d2570f7e455da2d82925ebf3f20a595e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a5ef992e4005d36346069192214b4ac7

SHA1
3ea1fa40120bbe2aeb5891e6f5fdb1f2978a780c

SHA256
3b4ff68855621089ac6529dc29ed32bc136f457db5f41576a00c581d19476141

SHA512
e61da097d09281d7ea205777d50cbf82f87b7244d2e1bd344a51f342ebcc2dfa1973bb0d8b12d344323105658c9d182dc970b68319001c04a18b34f826e91a8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
30664a8388b133592325e9f6d0228458

SHA1
fee2270f599fe228b8441fd45aca89eb97a7f1ef

SHA256
c8a45c55e3b8d4b9426405ca695bceae52fa2d5b805177f255b8fe555792153c

SHA512
7350c19a38159b3e23429b79ad537c7ddce564947d15a839f0f5c2421ae3a70766db73288d3e26d5f68cf05aea8a727f954eba652e01e45b1318862ab83cc9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
30fea74d42abadba176d707094cc826e

SHA1
0c60e9d951fd2fd1f5fb2be33b62894be6d71913

SHA256
73d6b1214f0c75e790e72617995d67a18a3a8243dbe877c241d46758a79fb965

SHA512
b193bfdf63dd501214414a20e97db4c900f0bb3fb590ee73896e54aa82eeb24cf420eabb3a18981f6d534d2d5704cddc367533e50b06b627da03c9d106580d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c20c873e7bdc69ff1d5d0516ad97c194

SHA1
0217cc43c088852d93b1497c0ca2f9277b2cb176

SHA256
b0c8a23371ae0edd7580772537550d7d77df3346a96a3394c0fb960ef7ca4baa

SHA512
ac3c8a60eeb6a43d096bdfcf774e51ec31c6b6728ecd7b670dc6732df1baaf5c04eed419ef9aa5dbd9310c8d3592cc2855d4c398683a9d99924e06a99a4f2e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9050a34a8d7be06c77ee575706176dd3

SHA1
8e4dc20bd00bc705d120672ea0b2c92eca6007f2

SHA256
e9d1c2d1a7ec6562d3b17fbb3a9b46320da987116bc899943e8013f6536eb035

SHA512
a517dcfd327cf6429286293b2caf8efe6496364908e22ea3f4a691c22f1a6234acc03341d204e8891b8918d783c67348c8c385ab08d0c5e51ef41dde0628491b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
132718f8283310766240996132e92e88

SHA1
d47c11212cd9e306a126392486bee414200b3604

SHA256
af4c276c106670201afbaef608817243779b2ed76b21cb1616b2c665ce552489

SHA512
88a96a043250b406e824509e47bf24d5ede044b230f271df4690aead4c53fe55031936f4959dfe9de18e656c4d9c4edbc6257dbccc4bd730ce80eb75b84bc7e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8ec9884d30928cb7a3417dbeffd2f88d

SHA1
cc7cce0c90157b04e43e7977ad8078b75935857f

SHA256
61610366247373288563190d0731661a265f9c9c8fafb24123047fb5bbc32341

SHA512
670ecfe0cdf31f4ce01a7fca9d5e724bfbb376e4f9a2fa70f66b19a9ab59376f182846216db4a68284edc1fd5c026a35baa2f2b0203206104a964761137aeac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
efb4d2b21f473286082b468fedc0b786

SHA1
d3c4149585d7869cb8a6a34d648f6e9923fb6274

SHA256
3e08bd2db01f35a226603c6e2f4bb8bde8538cfcecc9b17db59f16ba8d3078da

SHA512
54764b3a5f1c3a073074bafd360b6f8d47d8ef569275947af7a1a397ff72e1d6de80abba2e200fe6386580a2d6197fa0aa1667aaff47c4992236ccfc3fdb928e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3e3736ae13d38be7a5ac1404816a7299

SHA1
a5d25ecbda0c87d68d81a61b63118ebc7d802e24

SHA256
583fd108c04c7e58d80032ed033ca5869a36d72af22e03ce7253ec76f1b687ff

SHA512
cb347f1fa0366de435ac658837c22468e35a5f9a5633dde1c4b392e77dc3e1a2681c1b7017964a2da6c4a65899b2a5349586f949fb6ff9f1709f31037c126dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9e452c0b3ac1f1266fe04ed3363193b0

SHA1
539c3cdf6c138b50e17f37188f334490fc3391c1

SHA256
ff993af7ec39b506b8acadc47b90a51e77c776b7ae7495a5067e1a9ac6fa7877

SHA512
6bd0536898a3eb4d7866b2d30c250d4eb59fa012690d8a14d5a1b151318ac72621e8a852302cf9239ed5b49042912bfa5d66301e8e0ffd03309f6a7a1ac5042e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5d88c3272c8e6e84b05f3651f460752f

SHA1
a695b71296093e89171449a96edc79484653639a

SHA256
c18e3b93be0b0218feb84e6bb97bf26e15bc8d1111db20af8103536b2f310afd

SHA512
2dfa55e63fca9f4f7af3cbd831b735131342cae7a47cf06da75661ee7931bcea4be38476b17cd60b9fa2db092efb137cde379f9d1def968fc9d35621298079fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
737ec2b61aee6cba9c45c2d6cf44c1b9

SHA1
61785d16ee12adbc6306b678de1332bb79dd841e

SHA256
ea74f2ef26609ec850d0b779999afdff08ea996e68457327ad54a8e8d4b749e5

SHA512
29fa9d404ff65b15ca30f83b5344046a054983a43a61faf300178348c82c465bbb8c38180ac4c0a58239d15ee580cf3016354a93c5c59fb6561a3a45f16032e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cfaac575eeb396ebcf6397fcd3d2f063

SHA1
30e5513bccabd2157f47e06682c650501b59b07c

SHA256
c8e52ee5e60f8e54aa3245054bb7dbe6fc06f7ef36f98caaaae33c30a95f2a70

SHA512
1c1027caa33b1c506a7514ed78f58710773fe8801e8492a1b37e391eea1589eb85c5a61042b80e34cc65d4cfa39a00fa6f4636ad49fd3848948160f7343e6c21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
90d69c76051f1495407d774e1932bb92

SHA1
65e9deaa6a227aa4099b606cb138aab7ee6088e1

SHA256
c03a3de51c3a30b3ae05b2ede68f61d5451f434ecb34b5cc77a3bfa0f0dcf70d

SHA512
600c2566c78af5d5e75a604374b662c4dcda84a1fb9f8e990c1e7c2f88bd3616ca63dc74b77760efa1786e2abe383ca0799b048db4c16dfdde3127f450bb82f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8f0a9716ca3ca337c5a68d0a2aecf3d5

SHA1
0733cb7b56a778a65840f5f826c878fce78918df

SHA256
27f8932a551d1eed5d97aa57b832f919d24dd3080f35159f01dc86ea53c51ff7

SHA512
9ee46bb9886bfe583f28932e8bc1ec63417f3bfc3e62c8dfad25d66e8347c5c55801e461e82647e16c17b527f22031bdf44c587d7678e6108b42ebc8945661c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587114.TMP

Filesize
48B

MD5
3bf099f26bf07468029e6530645fcfde

SHA1
fcb568a2d474b4ee320ddc7feb3dab64c6d2f03b

SHA256
330846a1d31282dc78e769ee24feb58ec662db709fafcd009de8897a5aad26c2

SHA512
ce94ee33a3232a47c4930dd81aff48a3099834a20ba341f39268561e79753dd9a7ddec949eb661b36ab1a94cd15fc682743bd616624dfc58adffb7b2d4ae3902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
dd1d13d842c28221d707201d2061fc0c

SHA1
a77c5fbb653d4e8737488b4ae5b492a544eac889

SHA256
3ff5da8992d0f730c237b68447becae9961d52034e0d3b69737bfad761dbea38

SHA512
8d268d0df61e0a246ccc8a8720a544edd5c318b642bdc79df3e7331c95fd90c1a5cfe4fdb72b875887a8365c04469a7940a92f5a843c878fbfa847a9727d8026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
4ce48d02e53c3f90adbd007fea1c1c73

SHA1
e51bde366a1d9b64728491829c7c9ac5c2552e15

SHA256
663eb7bedb04be3fb58d3b516037aba1ca34bb47a4760a0c58ffda5f9ccf86c3

SHA512
46337c5f1899c3ed25a236883c272c5fdf05646f4a7d5978873b710b79161e74e45e6d84b7981d1cb78f701b5fccd7edc345f6124fd6f87f483f2dbd4fcdb190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
4169bc7178487cded29021bea4e59acd

SHA1
124a373e92c4ce982a660ab14e162b02b42019a4

SHA256
a8347d1a9be453a70c958ad96c0edb2894db42ad0576ee862b3ff697acedacb0

SHA512
f479614d5043b48f88f42dc4eb441359399fcdfab4b321d385e1e3417e9d2af9886ab36c1dc274601ab26e68db152f7c30f6e8982490b8f9e3a3b0d9819ff4e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
5831a22137d0ce20b6f163125aafe837

SHA1
0f3b1dc5d76b6a67416368ae3085ea72281453d3

SHA256
802164f90d8b93a3acca8d0ba9bac8a34dc9cc2292c7c15c1cbdcb8bbcac9770

SHA512
464ad409ad96c03d97568ec2d7e41d6a9550a5fbb8b4897f1728881c886612fcbd4dade4108ecebdd180e775a378b73c35af2626a68d29f9b85b34593f0b4c57

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d3ce7ba8150c6b4ed1ad1212fd1c021a

Filesize
7.9MB

MD5
d3ce7ba8150c6b4ed1ad1212fd1c021a

SHA1
703ccb1beb53288f7d6da1294c5fd5a0e6e3a56a

SHA256
327f6d9ac087b0614239a9234981a015b09a108bdc0dd97a2ae72bb1ce6faa5f

SHA512
606d6a8bf1c51247f78b7a2ecff7027b08059814df54f40c461241cc9254d31df08d24f1f0b66570849ad84993baf7dce9c10e02f91071834ab8269e76e8ffa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\edgA7E5.tmp

Filesize
28KB

MD5
583a92e3e37000f345e297ccf15e3c08

SHA1
76cee9bd8f27309c4af7aa52824a4d2eddb8f239

SHA256
82b24606ef96c7ee458df1be3e5a1ebc8714af9edeca19ac5b359d33a833eb3c

SHA512
42da33c01d3c7793ceb56f5c8a33f40a61a6ed6dfec437697e999443df5a3b6dbeaf9465bd7f18235c490c01ed87321628bb2bdf8a3eda6377488707d4ff35b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3644_1240394143\81d4b8b3-5db5-407d-999c-e80044c11ffe.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
2e137db6c04db5507c8f88f14065936e

SHA1
aee0767c964c5370bd2cc659cfc71a17118e4693

SHA256
e8d2cc39eb07c7ab2c817ba844bc6bf4bd72d1e2557b80233912e940c3270a9f

SHA512
5c6d0e32fcccff7c66225fac1bc56d835b38e99a5e9f3c8dccce9b0537c052f6cccf273e4310bad7aa126268d8f4a88e10dc45927215f58ccd3c2001e5aae02c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IJV2U64UH2I27R2200OS.temp

Filesize
10KB

MD5
ed07a211065f3def135d9494d3c9d293

SHA1
8cb91311394e44b5d069fb1a22b491d748c5a2bf

SHA256
6485cab96f82c75edb254fc38afc2de6d6a84fd5690c913581d342a75ccab565

SHA512
46bd7cda0c160d1a187ade7e101b08dcb39d5383a802fee234c96940a0064ab560d768950da8f9034fc13740f07b80db92f72b52915f70bca4a71d8f55a61de2

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller-MRT34KVJGC.exe

Filesize
7.8MB

MD5
e7859398c10c098e678bd8fd13681f10

SHA1
11b731fc9b78dc9a742b2c06b79015fc911fdfb0

SHA256
e756ce2935d54ce1f9a57d5518bf47659a5eb4aefef72dae5349d8b013ee7f58

SHA512
7a75b55ff6ec09fb777b171e7222a2f3aa58c95d7edd6a60a2bd99010ea95542eeb7ca7e8cc52b93edb0677543d6003fd9b3d08915ee8b8f2b291668c85c4adf

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 568801.crdownload

Filesize
12.2MB

MD5
c6117d3b5020b8fa5e48b6dbf5befabb

SHA1
cb84ae28f0bb7358198b8dcc7d2b1aba335ea346

SHA256
40d3370dca2b21a3051ad89e387ba12443c0b8dfac7720dee64e9f7117d502d7

SHA512
bb85c47f836bf15a9be0688fe98c4d5eb35347b17d50f71990c96043359836d67e42e35025fff5b510225bd5da2e79efe2740b100eca4227846701263c594e74

Download Submit
memory/1756-2138-0x00007FFD4DBD0000-0x00007FFD4DBDB000-memory.dmp

Filesize
44KB

Download
memory/1756-2132-0x00007FFD4DBB0000-0x00007FFD4DBC0000-memory.dmp

Filesize
64KB

Download
memory/1756-2130-0x00007FFD4DC90000-0x00007FFD4DC9E000-memory.dmp

Filesize
56KB

Download
memory/1756-2129-0x00007FFD4DC90000-0x00007FFD4DC9E000-memory.dmp

Filesize
56KB

Download
memory/1756-2128-0x00007FFD4DC90000-0x00007FFD4DC9E000-memory.dmp

Filesize
56KB

Download
memory/1756-2127-0x00007FFD4DC90000-0x00007FFD4DC9E000-memory.dmp

Filesize
56KB

Download
memory/1756-2126-0x00007FFD4DBE0000-0x00007FFD4DBF0000-memory.dmp

Filesize
64KB

Download
memory/1756-2125-0x00007FFD4DBE0000-0x00007FFD4DBF0000-memory.dmp

Filesize
64KB

Download
memory/1756-2123-0x00007FFD4C140000-0x00007FFD4C170000-memory.dmp

Filesize
192KB

Download
memory/1756-2118-0x00007FFD4BFD0000-0x00007FFD4BFE0000-memory.dmp

Filesize
64KB

Download
memory/1756-2117-0x00007FFD4BEC0000-0x00007FFD4BED0000-memory.dmp

Filesize
64KB

Download
memory/1756-2140-0x00007FFD4C350000-0x00007FFD4C360000-memory.dmp

Filesize
64KB

Download
memory/1756-2142-0x00007FFD4C450000-0x00007FFD4C460000-memory.dmp

Filesize
64KB

Download
memory/1756-2144-0x00007FFD4C480000-0x00007FFD4C4A6000-memory.dmp

Filesize
152KB

Download
memory/1756-2147-0x00007FFD4C480000-0x00007FFD4C4A6000-memory.dmp

Filesize
152KB

Download
memory/1756-2146-0x00007FFD4C480000-0x00007FFD4C4A6000-memory.dmp

Filesize
152KB

Download
memory/1756-2145-0x00007FFD4C480000-0x00007FFD4C4A6000-memory.dmp

Filesize
152KB

Download
memory/1756-2143-0x00007FFD4C480000-0x00007FFD4C4A6000-memory.dmp

Filesize
152KB

Download
memory/1756-2141-0x00007FFD4C450000-0x00007FFD4C460000-memory.dmp

Filesize
64KB

Download
memory/1756-2139-0x00007FFD4C350000-0x00007FFD4C360000-memory.dmp

Filesize
64KB

Download
memory/1756-2148-0x00007FFD4C320000-0x00007FFD4C347000-memory.dmp

Filesize
156KB

Download
memory/1756-2154-0x00007FFD4C320000-0x00007FFD4C347000-memory.dmp

Filesize
156KB

Download
memory/1756-2153-0x00007FFD4C320000-0x00007FFD4C347000-memory.dmp

Filesize
156KB

Download
memory/1756-2152-0x00007FFD4C320000-0x00007FFD4C347000-memory.dmp

Filesize
156KB

Download
memory/1756-2151-0x00007FFD4C320000-0x00007FFD4C347000-memory.dmp

Filesize
156KB

Download
memory/1756-2150-0x00007FFD4C320000-0x00007FFD4C347000-memory.dmp

Filesize
156KB

Download
memory/1756-2149-0x00007FFD4C320000-0x00007FFD4C347000-memory.dmp

Filesize
156KB

Download
memory/1756-2156-0x00007FFD4C1F0000-0x00007FFD4C212000-memory.dmp

Filesize
136KB

Download
memory/1756-2161-0x00007FFD4E770000-0x00007FFD4E7A0000-memory.dmp

Filesize
192KB

Download
memory/1756-2160-0x00007FFD4E600000-0x00007FFD4E601000-memory.dmp

Filesize
4KB

Download
memory/1756-2158-0x00007FFD4C1F0000-0x00007FFD4C212000-memory.dmp

Filesize
136KB

Download
memory/1756-2157-0x00007FFD4C1F0000-0x00007FFD4C212000-memory.dmp

Filesize
136KB

Download
memory/1756-2155-0x00007FFD4C1F0000-0x00007FFD4C212000-memory.dmp

Filesize
136KB

Download
memory/1756-2133-0x00007FFD4DBB0000-0x00007FFD4DBC0000-memory.dmp

Filesize
64KB

Download
memory/1756-2134-0x00007FFD4DBD0000-0x00007FFD4DBDB000-memory.dmp

Filesize
44KB

Download
memory/1756-2135-0x00007FFD4DBD0000-0x00007FFD4DBDB000-memory.dmp

Filesize
44KB

Download
memory/1756-2136-0x00007FFD4DBD0000-0x00007FFD4DBDB000-memory.dmp

Filesize
44KB

Download
memory/1756-2137-0x00007FFD4DBD0000-0x00007FFD4DBDB000-memory.dmp

Filesize
44KB

Download
memory/1756-2131-0x00007FFD4DC90000-0x00007FFD4DC9E000-memory.dmp

Filesize
56KB

Download
memory/1756-2120-0x00007FFD4C140000-0x00007FFD4C170000-memory.dmp

Filesize
192KB

Download
memory/1756-2121-0x00007FFD4C140000-0x00007FFD4C170000-memory.dmp

Filesize
192KB

Download
memory/1756-2122-0x00007FFD4C140000-0x00007FFD4C170000-memory.dmp

Filesize
192KB

Download
memory/1756-2124-0x00007FFD4C140000-0x00007FFD4C170000-memory.dmp

Filesize
192KB

Download
memory/1756-2119-0x00007FFD4BFD0000-0x00007FFD4BFE0000-memory.dmp

Filesize
64KB

Download
memory/1756-2116-0x00007FFD4BEC0000-0x00007FFD4BED0000-memory.dmp

Filesize
64KB

Download
memory/1756-2107-0x00007FFD4CA70000-0x00007FFD4CA80000-memory.dmp

Filesize
64KB

Download
memory/1756-2108-0x00007FFD4CA70000-0x00007FFD4CA80000-memory.dmp

Filesize
64KB

Download
memory/1756-2109-0x00007FFD4CB00000-0x00007FFD4CB10000-memory.dmp

Filesize
64KB

Download
memory/1756-2110-0x00007FFD4CB00000-0x00007FFD4CB10000-memory.dmp

Filesize
64KB

Download
memory/1756-2111-0x00007FFD4CB20000-0x00007FFD4CB30000-memory.dmp

Filesize
64KB

Download
memory/1756-2112-0x00007FFD4CB20000-0x00007FFD4CB30000-memory.dmp

Filesize
64KB

Download
memory/1756-2113-0x00007FFD4CB20000-0x00007FFD4CB30000-memory.dmp

Filesize
64KB

Download
memory/1756-2114-0x00007FFD4CB20000-0x00007FFD4CB30000-memory.dmp

Filesize
64KB

Download
memory/1756-2115-0x00007FFD4CB20000-0x00007FFD4CB30000-memory.dmp

Filesize
64KB

Download
memory/1756-2105-0x00007FFD4E770000-0x00007FFD4E7A0000-memory.dmp

Filesize
192KB

Download
memory/1756-2098-0x00007FFD4E610000-0x00007FFD4E620000-memory.dmp

Filesize
64KB

Download
memory/1756-2099-0x00007FFD4E720000-0x00007FFD4E730000-memory.dmp

Filesize
64KB

Download
memory/1756-2100-0x00007FFD4E720000-0x00007FFD4E730000-memory.dmp

Filesize
64KB

Download
memory/1756-2101-0x00007FFD4E770000-0x00007FFD4E7A0000-memory.dmp

Filesize
192KB

Download
memory/1756-2103-0x00007FFD4E770000-0x00007FFD4E7A0000-memory.dmp

Filesize
192KB

Download
memory/1756-2104-0x00007FFD4E770000-0x00007FFD4E7A0000-memory.dmp

Filesize
192KB

Download
memory/1756-2106-0x00007FFD4E800000-0x00007FFD4E805000-memory.dmp

Filesize
20KB

Download
memory/1756-2102-0x00007FFD4E770000-0x00007FFD4E7A0000-memory.dmp

Filesize
192KB

Download
memory/1756-2097-0x00007FFD4E610000-0x00007FFD4E620000-memory.dmp

Filesize
64KB

Download