6408dbd08796f501baf4a67f98c859a6a581a41b1909a987b15e60d06f27fe26

Analysis

max time kernel
125s
max time network
131s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
26-03-2023 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerLauncher (1).exe
Size

2.0MB
MD5

88e64ec3895db7e1dadeb7e28a149642
SHA1

b566a1a6b0ee3b43488143c8ec3c69f4ca15d05c
SHA256

6408dbd08796f501baf4a67f98c859a6a581a41b1909a987b15e60d06f27fe26
SHA512

f723ab2546b6e91e0e3de90cc2bc0c32983fd9f307676a00caccadebdfab372f6889f0fca75d70a3dd39d875c0f2e40ee5a6d3b6130f99961d1f7b207a8b8fbb
SSDEEP

49152:GrihbF2YzW7juDDUrEC19YTl10auIyhhTxHMOPMQ3d2y7TMb64:84bF2P7jukrEWo1fbB

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 5 IoCs

pid	Process
1864	RobloxPlayerLauncher.exe
1804	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
1500	RobloxPlayerLauncher.exe
676	RobloxPlayerBeta.exe

Loads dropped DLL 26 IoCs

pid	Process
1784	RobloxPlayerLauncher (1).exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
908	RobloxPlayerLauncher.exe
676	RobloxPlayerBeta.exe
676	RobloxPlayerBeta.exe
676	RobloxPlayerBeta.exe
676	RobloxPlayerBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (1).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\configs\GameControllerConfigs\gamecontrollerdb.txt	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\JestTestResult-edcba0e9-2.4.1\JestTestResult\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\ShowMoreWrapper\init.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\TestHelpers\MockAppStorageService.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\ProfileQRCode\Rodux\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\Array\indexOf.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\Array\slice.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\__fixtures__\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\IAPExperience\IAPExperience\Locale\Locales\en-us.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\ReactRoblox-9c8468d8-8a7220fd\ReactRoblox\client\roblox\SingleEventManager.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\SelectionImage\Components\NavHighlight.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\PlayabilityRodux\PlayabilityRodux\Reducers\PlayabilityStatusReducer.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\VoiceChat\Unmuted60.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\Set\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\utilities\getIntrospectionQuery.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\ReactProxy\ReactProxy\Shared\flowtypes.roblox.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RoduxAliases-64af4154-868f23dc\AliasNetworking.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AppCommonLib\AppCommonLib\Release\rolloutByApplicationId.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\installReducer\ShowContactImporterParams.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SetAlias\Dash.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\VirtualizedList\Otter.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\models\ViewSelector\Basic.mesh	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\Chat\ChatDownFlip.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\utilities\common\errorHandling.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\InstanceOf\InstanceOf\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\JestDiff-edcba0e9-2.4.1\JestDiff\DiffStrings.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\ReactTestingLibrary\ReactTestingLibrary\jsHelpers\jest-dom.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RoduxPresence\RoduxPresence\Enums\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\RoduxNetworking.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Tile\SplitTile\VerticalTile\VerticalTileV2.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\JestReporters-edcba0e9-2.4.1\JestReporters\Status.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\llama\llama\List\copyDeep.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.3.4\LuauPolyfill\Symbol\GlobalRegistry.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\String\trim.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\roblox_string-utilities\string-utilities\StringTrim.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\RoduxFriends\Enums\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\FriendsLandingHeaderBar\FriendsLandingHeaderBar.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\t.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\UIBlox.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\PlayerList\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\PurchasePromptDeps\Promise.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-a406e214-4230f473\ReactReconciler\ReactFiberBeginWork.new.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\FriendsCarousel\Components\UserTileCircular\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\Utils\Utils\mergeDeep.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\PlatformContent\pc\textures\grass\diffuse.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\Dash\Dash\format.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\JestDiff-edcba0e9-3.2.1\PrettyFormat.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\JestRuntime\JestRuntime\__mocks__\createRuntime.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RoduxUsers-0641181c-bdaabf6e\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\ExperienceChat.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\AddFriends\AddFriendsTile\init.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\dialog_blue.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\Settings\Slider\More.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\Cryo\Cryo\Dictionary\keys.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RecordPlayback\RecordPlayback\LuauModuleSerializer\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameDetailRodux\GameDetailRodux\Flags\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\PeekView\AppCommonLib.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\FriendsCarousel\Common\Constants.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\DeveloperFramework\Votes\rating_up_white.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\VR\Radial\Icons\Recenter.png	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\ProtocolExecute	RobloxPlayerLauncher.exe

Modifies registry class 50 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee419000000010000001000000063664b080559a094d10f0a3c5f4f629020000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	RobloxPlayerLauncher (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RobloxPlayerLauncher (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	RobloxPlayerLauncher (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	RobloxPlayerLauncher (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	RobloxPlayerLauncher (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e309000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	RobloxPlayerLauncher (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RobloxPlayerLauncher (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
1864	RobloxPlayerLauncher.exe
676	RobloxPlayerBeta.exe
676	RobloxPlayerBeta.exe
676	RobloxPlayerBeta.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	676	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 1612	1784	RobloxPlayerLauncher (1).exe	30
PID 1784 wrote to memory of 1612	1784	RobloxPlayerLauncher (1).exe	30
PID 1784 wrote to memory of 1612	1784	RobloxPlayerLauncher (1).exe	30
PID 1784 wrote to memory of 1612	1784	RobloxPlayerLauncher (1).exe	30
PID 1784 wrote to memory of 1612	1784	RobloxPlayerLauncher (1).exe	30
PID 1784 wrote to memory of 1612	1784	RobloxPlayerLauncher (1).exe	30
PID 1784 wrote to memory of 1612	1784	RobloxPlayerLauncher (1).exe	30
PID 1784 wrote to memory of 1864	1784	RobloxPlayerLauncher (1).exe	32
PID 1784 wrote to memory of 1864	1784	RobloxPlayerLauncher (1).exe	32
PID 1784 wrote to memory of 1864	1784	RobloxPlayerLauncher (1).exe	32
PID 1784 wrote to memory of 1864	1784	RobloxPlayerLauncher (1).exe	32
PID 1784 wrote to memory of 1864	1784	RobloxPlayerLauncher (1).exe	32
PID 1784 wrote to memory of 1864	1784	RobloxPlayerLauncher (1).exe	32
PID 1784 wrote to memory of 1864	1784	RobloxPlayerLauncher (1).exe	32
PID 1864 wrote to memory of 1804	1864	RobloxPlayerLauncher.exe	33
PID 1864 wrote to memory of 1804	1864	RobloxPlayerLauncher.exe	33
PID 1864 wrote to memory of 1804	1864	RobloxPlayerLauncher.exe	33
PID 1864 wrote to memory of 1804	1864	RobloxPlayerLauncher.exe	33
PID 1864 wrote to memory of 1804	1864	RobloxPlayerLauncher.exe	33
PID 1864 wrote to memory of 1804	1864	RobloxPlayerLauncher.exe	33
PID 1864 wrote to memory of 1804	1864	RobloxPlayerLauncher.exe	33
PID 908 wrote to memory of 1500	908	RobloxPlayerLauncher.exe	38
PID 908 wrote to memory of 1500	908	RobloxPlayerLauncher.exe	38
PID 908 wrote to memory of 1500	908	RobloxPlayerLauncher.exe	38
PID 908 wrote to memory of 1500	908	RobloxPlayerLauncher.exe	38
PID 908 wrote to memory of 1500	908	RobloxPlayerLauncher.exe	38
PID 908 wrote to memory of 1500	908	RobloxPlayerLauncher.exe	38
PID 908 wrote to memory of 1500	908	RobloxPlayerLauncher.exe	38
PID 908 wrote to memory of 676	908	RobloxPlayerLauncher.exe	40
PID 908 wrote to memory of 676	908	RobloxPlayerLauncher.exe	40
PID 908 wrote to memory of 676	908	RobloxPlayerLauncher.exe	40
PID 908 wrote to memory of 676	908	RobloxPlayerLauncher.exe	40
PID 908 wrote to memory of 676	908	RobloxPlayerLauncher.exe	40
PID 908 wrote to memory of 676	908	RobloxPlayerLauncher.exe	40
PID 908 wrote to memory of 676	908	RobloxPlayerLauncher.exe	40

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe
  "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=zflag --annotation=RobloxGitHash=142432bbee131ec1e680ff4280b83f65c7d4b91b --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5e4,0x5e8,0x5ec,0x5a4,0x5f4,0x650af4,0x650b04,0x650b14
  2⤵
  - Modifies system certificate store
  PID:1612
- C:\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe
  "C:\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe" -channel zflag
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1864
- - C:\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe
    C:\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=zflag --annotation=RobloxGitHash=d4a4a4ad1cbd35850c37a672e5c216b9b80fbbae --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5c4,0x5c8,0x5cc,0x598,0x5d4,0xd4f748,0xd4f758,0xd4f768
    3⤵
    - Executes dropped EXE
    PID:1804

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe" -app
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:908
- C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=zflag --annotation=RobloxGitHash=d4a4a4ad1cbd35850c37a672e5c216b9b80fbbae --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5ec,0x5f0,0x5f4,0x5c0,0x5fc,0x146f748,0x146f758,0x146f768
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe" --app -channel zflag
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
fb8063aac5fdc0ec530d93a6cd569601

SHA1
11e56d7705a0cfd294c6b8c7e7eaddc59391dca1

SHA256
3ceb12534ed8636e035d721ff7dc0e581d2f610e7b89b1246d9fe11b9d1b93f0

SHA512
561bda75a3e55bc768e483165bf285ce67638ab0a6ceb15e08593d635311cbd128cc7b340ab0a043efa95ebd4b37db215a3ec98e39e6b7465149acdd539c3539

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\AppSettings.xml

Filesize
149B

MD5
48f58abeaac832f838efd2beb25f4c90

SHA1
7878e28b62e5d9bc9042a3e44094e39668f03384

SHA256
893a58e7946728c9dd5caac10e5bdc306a465e406c1f979ded52a13dafebce2d

SHA512
c5e3025b63eead12a0f8192ea41afd1216dd87b14a07d22ebafc6d3d899a06e80da947b3fcd1b3f2cf53b89b3de9967f89c415394d66c277556373b620dc827e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
58.4MB

MD5
e9bda109680d486190e08e93278fc11c

SHA1
a556a7b58695f1d4e26502b31b87f893d2667879

SHA256
1fde5a029fddaeeaf77a25f63502ed24bc60e5a6e8d637b63fd55b32786d2112

SHA512
e31f4ce39c727722690979d25b58febfee76e17f45b5da7462c49aec0725911fe48a76455493c9486065701c2105cf4b4c455e6d3767e3e497deaed3be8cd238

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
2KB

MD5
dd2ea315bf28583d057da8ad589bd010

SHA1
6b6e445f08a771d1ad53decf2bf67b9a694cbdc5

SHA256
b433ca88b457a156bc7bf91165bf42c04fcca42362e443c432af54373ddb9d85

SHA512
b3124041eab14f185e6f4607bc875dc4bb779c9fe0358042343d5448b9b527b32bc8844e7a8e1720ea34862a43f1ef1c483d8c53e741b4fdab27694b083534dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
1KB

MD5
806857b3b9f90acd13ea162780b2b17e

SHA1
354d254b2916a589a910472c287c06de51c28595

SHA256
5223a4da9850ed81ec88988ed20b55bffbc7b3fde4144b5f7e41196d58165d48

SHA512
338d2680d68965e05212c7e0ee55901fe156bfa10ef37a0f00dbf0e667e49b96151ceb21f66d7267bb87cb277b0c5cde050626a9ecd0bcb8762633881baaa7e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701

Filesize
472B

MD5
def8dfe7022e65695ea760ecdad81f39

SHA1
48f6f7dd5dab09e97beb98c5fde65721c4ed38de

SHA256
0476b5074917399ba615085f899d2adeee95c36cd6ee8bd34271bc1f387db65e

SHA512
71343941aa04efc90e34c286740e908479ea009cf94a2b809b8531d63af98ea99ed3677c3c9645deb8a6fd142ff862519044156b05ee8fa4569058ee952a7b35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
e23d8cd61c2e75283867a91ce42aa1dc

SHA1
a86f54bb4f00cf0fcd3efc3951d54e168d25c7f4

SHA256
0a8b65baa91fb423458dd64e067a6009cd4ce9a93c65ac4b448025403ab0ea9c

SHA512
89483da80407e373d6d0f18b4ddd3976a5cd8e590b398de51e881623f54e4c146ec57def18c26c8f7ca5e7ed00b51b9a94d14ad38d2d716b416507b41144c5f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
a717bee82a54c06eafd8696c31408c20

SHA1
d04878056daf3b630b5bcf19eb6431e03cbd1e71

SHA256
81bc12a11aabaf5de16b43d573b2cf0f35f62d9a85a2b59213260a834d78592f

SHA512
d8a418d27a7c10d0fcc9df95b6972c2bb554c21431a19064226da963abda0b36076a1decab33f632397b84d5b5d22406d3b238570b2ded0d71f07e6f7094a7fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
426767684a784d78277156a5f1cc54ef

SHA1
7bef2efcf672f3fc80cd885ac0494ea64806d156

SHA256
907b0c9511f3192410a5e27406a9308a7b795c872dca78725a7edf84e1ca58d7

SHA512
b2af25efa4e236196d776675740df30c8b7fc2d0af7a53a3fab0cf59c3809142688761533f322ca179da436c74d1dbc8b1b98bc075416e614a1544cdf272d4f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
488B

MD5
50a8ae0841408c59dd7c846d8c897b8c

SHA1
a891a078f59c14baf7198f210c7d2c86d546c9b0

SHA256
126e345a14e18732411c5a0f16502fbd060d268019627ced01c21e418f21a495

SHA512
5ad75a6e289ebec1c5cd151d79cc92ee61edff5534162ff326d373ca3a0ed8adc0626e9cb4fab48bea979a2c500b1e28882b23f26934e452c721b2b7a9036fe7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
963ec1e865833a90dd413ff4ea1b4a33

SHA1
5c0fa2544740830c86a18030424e11335faeac17

SHA256
39303734cae8928e9f42791e65044fd3be4aec1929ea19df33d13f955354ddcf

SHA512
3c06c772fec5c79234f23aabd2453f11a4137b0305b2834166a2cc6e2d734a5f7b1c743aed8372ae06d57de27bc3c53a2c4ef23007918aac8d95da563ebe2147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701

Filesize
496B

MD5
5929d14774b8a1ac76fbcc7ca8a4bc65

SHA1
2b5f65f18adfa50ff8a7eafa5acd8d4ca9654b5c

SHA256
09ad7a6c6c93bf624ca7c96cbf66c3dbc3bce7d98f733bb7758ff3d6090e8ed3

SHA512
46b6efed7f9feeb53a30203b2b7d82e59220a5e52eed5a0e31bb8cb0a11ea77fba084fae140bc8bdd6eb5aa62e4089aaba06d5b98ab16a5bb682dd44ccd13ca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82b5d34442319ff558324603ad38f239

SHA1
e97d4fbffd7490a16421dddb3336367c39e114c2

SHA256
a5c9a6e583e05e9f31cab09c688a231540371a0ea4aec587d9231c82e352d2aa

SHA512
e41c50d1100bed571789c46e240e572d7a323044982935164029b72a6a8817de61a82b7e060ffb0c2b9bd9588863b2fdef28f7a573e771a95d6ef5acf7c63005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92447891f549cdfeeab2d3e40a84dfe4

SHA1
86161ed6a365c88a0eaf75b2a3de56f95043cb72

SHA256
21017666b4e305d11bde0d9c944dc0ae81b7de5bfde1823cab9567cc7dcaddbc

SHA512
08072a4ea940f609d2c855d3e8901432cc72e8d735ecff55a10bf2366a7b23865f08ccb2be7bdda0e814775abd7beb9b3499eaeb1d11172260e3d66dc970d7a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3691f9a7ec36c3bca1ae910433b5257f

SHA1
0f74501f66d67b2d55a21644ef8a491b67761e31

SHA256
46c7a1608720f7f3357d7d4906e4e1f04d5dede26ab283241a4672801e649b21

SHA512
c65e8d055fc408b7982f524711bdb1f1ebb81561a2fe5674ff7e96accf6dbf068babcf311e210f588fe5edd96befc1b1e4c2b85bc9e3c5ba5d5091f5406bfed0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dd6a077c2139ad1dc4f043286dab464

SHA1
435aca563c7eb349e64dc771f0f1df7104341237

SHA256
d3414178cbdd0e9c64c8f3208a9d5e5b56fefc6cba8049fa62668ba4cbfb792b

SHA512
4185d56c797dca7e390324cff35272741a3c1b8542e02bd744491ed1aa539114deec92a3d041d0d96264e7415efe463b6ea11383de9201af904fb95847301aa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
67395f7241bea97d1d181a519dceea9d

SHA1
32eeca251a80d9720fa81162cc0859acc8bac07e

SHA256
72e82eebdef54a865082bca83753a455b60c16fca835fe2de12d99fa0d660ff2

SHA512
246b211aab5f4f4ed90efd8ba02791387659c4ee46658cd25635799670c75340ae1343a3862a79a800c0a7f0dca8c1859655496550126a883bd298267e35a335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
6a4dbb1054a0c46208ca96ec73ec1528

SHA1
b37260b5a4f098b0df690775ff23f84ce5651ef9

SHA256
7c234625a52a761eb4e77e1083d42f589d71def0f98365a19f6bb898bade28c7

SHA512
6d5d6c2ba7e91c78aaada0e4bde08f996691ee15f5dfaa36a3aed5f53de8da7c525dbecd0a9865171442662753ce88287b0e5f623126640aa665098eb55000a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
bf967a40fc9fd1177e0b248cef87e4d7

SHA1
1ec8b44776aba9fb115105cc52105cc84264bdac

SHA256
ab6da28c79c62e42e6a8a6b015740bb6904e59a130c39918027a39f30fd2e551

SHA512
ed9221b8ea983beceb2e4cffde70ace88f01e5bb7eda2940f62b9e9de66683a60f4079899fe213bf7d82dda21ec0eacf745c229e024d6cd11b2e922375b64ae0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
08d5ac57dd70a95f5f43949801eee436

SHA1
d0fd87206f9cd66494ee61b09f9bb3db2ae10839

SHA256
04602708455fb409c3e4d26d320689ceeda5e1647606cd3cddfd55478eab0a09

SHA512
3ca91d1958de8af0b31f27731090778d178af57b4dd6565b5a77d764a5ddd3ebbf865a7d3332206cd1d0be5e22941a8146463dc9292e643567f8ec9523cffacc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA5D7P93\version-1720baa3c1c34d9c-rbxPkgManifest[1].txt

Filesize
1KB

MD5
16c5225d832a4bf8d6541f5e2675a642

SHA1
779139629695c67f16a2bbba47d516aab52b4f7c

SHA256
3b69f842e04b6d090bb6d7f17ffc18d6044138d5ee0a41dcaacbd4d15da2baca

SHA512
a0d4c70aa842976f6cedebaf086d8d5253754375729c5bcac47567bfa9694275eeb76ab01bf15910c0e0def60203f009ac784ad9dd711ee1ffda8a5e2d2a465d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\zflag[1].json

Filesize
7KB

MD5
5dffc22cddfab6f7a9d454c1dc1db3ed

SHA1
9d0a5d0e7c84e1bc545f33bfca7854e83d3f11d6

SHA256
bae04a19bd8bdd423363ba5723da8e8d124a47d321e01704d625c3d937ea7a59

SHA512
906a35550a8e2f948de4ca13238622e50bc2d8281223db1d2f196785012786b7a00b8d4b3f0c71b607d56b32cad24755d6840cc376ad3100d6387393c54e8c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\zflag[2].json

Filesize
119B

MD5
656e84d9aabf9d220cb5e55b31b7342f

SHA1
056efaf69bdf7cca1a46fad28deeb087ec874e8a

SHA256
4db3c748fea88e1083848e2323152d116adda5400431191de3fdb08334232467

SHA512
27d4ce499895e52f316b7645ff869c8b74170ad20c484c7e8f51d12044bfc2b4a5a594ef381baba2cb6e01c93c0688666d8e6acac3afaeaef987a34c7c6bc996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\zflag[4].json

Filesize
119B

MD5
656e84d9aabf9d220cb5e55b31b7342f

SHA1
056efaf69bdf7cca1a46fad28deeb087ec874e8a

SHA256
4db3c748fea88e1083848e2323152d116adda5400431191de3fdb08334232467

SHA512
27d4ce499895e52f316b7645ff869c8b74170ad20c484c7e8f51d12044bfc2b4a5a594ef381baba2cb6e01c93c0688666d8e6acac3afaeaef987a34c7c6bc996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKXYVKI3\BatchIncrement[2].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKXYVKI3\zflag[1].json

Filesize
119B

MD5
656e84d9aabf9d220cb5e55b31b7342f

SHA1
056efaf69bdf7cca1a46fad28deeb087ec874e8a

SHA256
4db3c748fea88e1083848e2323152d116adda5400431191de3fdb08334232467

SHA512
27d4ce499895e52f316b7645ff869c8b74170ad20c484c7e8f51d12044bfc2b4a5a594ef381baba2cb6e01c93c0688666d8e6acac3afaeaef987a34c7c6bc996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\PCClientBootstrapper[1].json

Filesize
2KB

MD5
f47efd2be737b7a273091d90dc20446c

SHA1
689d2c933298230188196513f2a2e93dd0a284c4

SHA256
29e01cde1afb607fe21427d0ef6eb91f494dcb2a976da013fceed6942ef989fa

SHA512
2a812f7d661b6ccc68a9df292c2f1f8dec2bc2b8fd60314ecb7b513eff5d65e71af316a41b12f0ec9b5d640d45b863f2388b2a35b798024dce6df3ae3f895a1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3DCE.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar42C5.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
256e5cb3a6f22724991043a1a1f9cd06

SHA1
88dbcdb0c941beff046c93da061824390749bce7

SHA256
99e9592f4d96ea43f340a8e0ff4e9a302da6432dc2ff0c4aebdf540f3120552d

SHA512
6832fb6208854c4b9c664522c11f298eaec5764827a8dda05355e62ca7dd1432cbc353a6b92cce93815199946c3b93950187a4084ba25541500e6bdbbabdaa9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
256e5cb3a6f22724991043a1a1f9cd06

SHA1
88dbcdb0c941beff046c93da061824390749bce7

SHA256
99e9592f4d96ea43f340a8e0ff4e9a302da6432dc2ff0c4aebdf540f3120552d

SHA512
6832fb6208854c4b9c664522c11f298eaec5764827a8dda05355e62ca7dd1432cbc353a6b92cce93815199946c3b93950187a4084ba25541500e6bdbbabdaa9a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TVKSI9MW.txt

Filesize
68B

MD5
4ab0312d91b54dd5127a0b6abc1c03e1

SHA1
60c9ad1ff6b1be46cf9441b59949cd136c94e784

SHA256
eb751e12e3fe940e9b07e2ccf8faf76aa0cb7ef4f1091908abf6d5be17a2a32a

SHA512
8b930ae2db5a7e3746433ab2b03000ea42921659bb4ac114b280f2c217397f3de0645a802e58f5ad0e5919fca63cb7eb5733851b03c797bf106350213b64edd7

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
fb8063aac5fdc0ec530d93a6cd569601

SHA1
11e56d7705a0cfd294c6b8c7e7eaddc59391dca1

SHA256
3ceb12534ed8636e035d721ff7dc0e581d2f610e7b89b1246d9fe11b9d1b93f0

SHA512
561bda75a3e55bc768e483165bf285ce67638ab0a6ceb15e08593d635311cbd128cc7b340ab0a043efa95ebd4b37db215a3ec98e39e6b7465149acdd539c3539

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
fb8063aac5fdc0ec530d93a6cd569601

SHA1
11e56d7705a0cfd294c6b8c7e7eaddc59391dca1

SHA256
3ceb12534ed8636e035d721ff7dc0e581d2f610e7b89b1246d9fe11b9d1b93f0

SHA512
561bda75a3e55bc768e483165bf285ce67638ab0a6ceb15e08593d635311cbd128cc7b340ab0a043efa95ebd4b37db215a3ec98e39e6b7465149acdd539c3539

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
fb8063aac5fdc0ec530d93a6cd569601

SHA1
11e56d7705a0cfd294c6b8c7e7eaddc59391dca1

SHA256
3ceb12534ed8636e035d721ff7dc0e581d2f610e7b89b1246d9fe11b9d1b93f0

SHA512
561bda75a3e55bc768e483165bf285ce67638ab0a6ceb15e08593d635311cbd128cc7b340ab0a043efa95ebd4b37db215a3ec98e39e6b7465149acdd539c3539

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
58.4MB

MD5
e9bda109680d486190e08e93278fc11c

SHA1
a556a7b58695f1d4e26502b31b87f893d2667879

SHA256
1fde5a029fddaeeaf77a25f63502ed24bc60e5a6e8d637b63fd55b32786d2112

SHA512
e31f4ce39c727722690979d25b58febfee76e17f45b5da7462c49aec0725911fe48a76455493c9486065701c2105cf4b4c455e6d3767e3e497deaed3be8cd238

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
58.4MB

MD5
e9bda109680d486190e08e93278fc11c

SHA1
a556a7b58695f1d4e26502b31b87f893d2667879

SHA256
1fde5a029fddaeeaf77a25f63502ed24bc60e5a6e8d637b63fd55b32786d2112

SHA512
e31f4ce39c727722690979d25b58febfee76e17f45b5da7462c49aec0725911fe48a76455493c9486065701c2105cf4b4c455e6d3767e3e497deaed3be8cd238

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
58.4MB

MD5
e9bda109680d486190e08e93278fc11c

SHA1
a556a7b58695f1d4e26502b31b87f893d2667879

SHA256
1fde5a029fddaeeaf77a25f63502ed24bc60e5a6e8d637b63fd55b32786d2112

SHA512
e31f4ce39c727722690979d25b58febfee76e17f45b5da7462c49aec0725911fe48a76455493c9486065701c2105cf4b4c455e6d3767e3e497deaed3be8cd238

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
58.4MB

MD5
e9bda109680d486190e08e93278fc11c

SHA1
a556a7b58695f1d4e26502b31b87f893d2667879

SHA256
1fde5a029fddaeeaf77a25f63502ed24bc60e5a6e8d637b63fd55b32786d2112

SHA512
e31f4ce39c727722690979d25b58febfee76e17f45b5da7462c49aec0725911fe48a76455493c9486065701c2105cf4b4c455e6d3767e3e497deaed3be8cd238

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
58.4MB

MD5
e9bda109680d486190e08e93278fc11c

SHA1
a556a7b58695f1d4e26502b31b87f893d2667879

SHA256
1fde5a029fddaeeaf77a25f63502ed24bc60e5a6e8d637b63fd55b32786d2112

SHA512
e31f4ce39c727722690979d25b58febfee76e17f45b5da7462c49aec0725911fe48a76455493c9486065701c2105cf4b4c455e6d3767e3e497deaed3be8cd238

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
56.0MB

MD5
a96490297038e6195aab3888a29ca125

SHA1
871704063a170f1099c90e634b6898bc458a8c1a

SHA256
4402859de286619f2a6540592254d2414ddbbdc5f5c21715d218d9d2891f0633

SHA512
f4d7a50b2ab0c6f519c928e3ec4896408f8595f8ada35eb6cb07c52a127144e4d2e39b9b724533447a35ecefbe16d75ee243ad9da9b370d07f834c64db0a2f54

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
56.9MB

MD5
c2b25c5bf0d196635d3c544ff91b8d0d

SHA1
74e220b0e62389cbbc53f72d9f04bdc7c7ed5ce8

SHA256
837210d362dde5bdbfa008d070ff7908d681e2945fbeeee8c6912dafd859c3ae

SHA512
f70e26379521c876273269220886d3f915d89d7252675210b8c1dde4c60b6a241417c69d9932d2a503764248d5d2a13407b81ef420ddde16f368db305787c66d

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
10.4MB

MD5
1616b233b2b2fe649fe4ba4512ed6511

SHA1
d75b98135186d57062e7b5f33fd6901304ba6c49

SHA256
a73a8f3f6814c58ec5c5c601b109c3d0e287203f69ce0d8a7665390d6293e0ee

SHA512
e0ed4a69c828d31b369224fec612eb1b4dc3d34f423c0886ca22d3273f9cdbdc0b70896be95bd1a70feecc0ecd8b775c444d9b35889c2151cd1678d334794be6

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe

Filesize
10.4MB

MD5
1616b233b2b2fe649fe4ba4512ed6511

SHA1
d75b98135186d57062e7b5f33fd6901304ba6c49

SHA256
a73a8f3f6814c58ec5c5c601b109c3d0e287203f69ce0d8a7665390d6293e0ee

SHA512
e0ed4a69c828d31b369224fec612eb1b4dc3d34f423c0886ca22d3273f9cdbdc0b70896be95bd1a70feecc0ecd8b775c444d9b35889c2151cd1678d334794be6

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
\Users\Admin\AppData\Local\Temp\RBX-7A797511\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
memory/676-473-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/676-477-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/676-478-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/676-480-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/676-481-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/676-483-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/676-484-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/676-486-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/676-487-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/676-488-0x0000000000CD0000-0x00000000064E1000-memory.dmp

Filesize
88.1MB

Download
memory/676-475-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/676-474-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/676-472-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/676-471-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/676-470-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download