6408dbd08796f501baf4a67f98c859a6a581a41b1909a987b15e60d06f27fe26

Analysis

max time kernel
151s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerLauncher.exe
Size

2.0MB
MD5

88e64ec3895db7e1dadeb7e28a149642
SHA1

b566a1a6b0ee3b43488143c8ec3c69f4ca15d05c
SHA256

6408dbd08796f501baf4a67f98c859a6a581a41b1909a987b15e60d06f27fe26
SHA512

f723ab2546b6e91e0e3de90cc2bc0c32983fd9f307676a00caccadebdfab372f6889f0fca75d70a3dd39d875c0f2e40ee5a6d3b6130f99961d1f7b207a8b8fbb
SSDEEP

49152:GrihbF2YzW7juDDUrEC19YTl10auIyhhTxHMOPMQ3d2y7TMb64:84bF2P7jukrEWo1fbB

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 2 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

pid process

4692 RobloxPlayerLauncher.exe
3872 RobloxPlayerLauncher.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\RoduxFriends\Actions\RecommendationDestroyed.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxSquads\RoduxSquads\Models\NotificationToastModel.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\NativeUtilProtocol.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestDiff-edcba0e9-3.2.1\JestDiff\DiffStrings.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Conversations\NetworkRequests\GetUnreadConversationCount.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AvatarEditorImages\Stretch\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\PivotEditor\SelectedPivot.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Help\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ViewSelector\left_hover_zh_cn.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestSnapshot-edcba0e9-3.2.1\JestDiff.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SetAlias\SetAlias\jest.config.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\displaySystemMessage.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Navigation\SystemBar.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactServiceTags\RoactServiceTags\AppContentProvider.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserLib\UserLib\Actions\SetUserIsFriend.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Actions\ChatInputBarResetTargetChannel.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\PurchasePromptDeps\enumerate.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Dialog\Alert\InteractiveAlert.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\MaterialGenerator\Materials\Fabric.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\BubbleChat\BubbleChatApp\BubbleChatApp.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestConsole-edcba0e9-2.4.1\JestConsole\NullConsole.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ExternalContentSharingProtocol\MessageBus.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\FriendsCarousel\TestHelpers\validateEvent.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Utils-debf4142-0.2.0\Utils\heal.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\RoactStudioWidgets\button_radiobutton_default.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Actions\SetGameUserIsPlaying.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\Object\is.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingAccountSettings\NetworkingAccountSettings\networkRequests\createGetEmailSettings.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactFocusNavigation\ReactFocusNavigation\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Shared-9c8468d8-8a7220fd\Shared\enqueueTask.roblox.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestUtil-edcba0e9-2.4.1\JestUtil\createDirectory.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingCall\NetworkingCall\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\icon_ROBUX.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\TerrainTools\mtrl_snow.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Actions\SetGameThumbnails.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClientTesting\ApolloClientTesting\testing\wrap.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Actions\HumanoidDied.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\Analytics\RoduxAnalytics\Actions\SessionIdUpdated.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Slider\SliderTextInput.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactUtils\RoactUtils\Hooks\useIsGamepad.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\LayeredClothingEditor\WorkspaceIcons\Center Camera to Mannequin.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestEnvironmentLuau\JestFakeTimers.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxCall\RoduxCall\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxPresence\RoduxPresence\Models\PresenceModel.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxUsers-0641181c-bdaabf6e\RoduxUsers\roduxUsersTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\Components\RefreshScrollingFrame\ExternalEventConnection.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\PurchasePrompt\SingleButtonDown.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Help\ZoomGesture.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\llama\llama\List\flatMap.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\tutils.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\SocialTabContainer\mapStateToProps.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\JestGlobals.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClientTesting\ApolloClientTesting\luaUtils\objectKeysForEach.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\TenFootUiShell\TenFootUiShell\ReactNavigationExtend\createTenFootUiSwitchNavigator.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\Cursors\KeyboardMouse\IBeamCursor.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\utilities\observables\asyncMap.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation\RoactNavigation\utils\waitUntil.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Events\event.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-9c8468d8-8a7220fd\ReactReconciler\ReactFiberLazyComponent.new.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-0ba25b72-b001fcbe\RoduxFriends\Actions\RecommendationCreated.lua	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe

Modifies registry class 36 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

RobloxPlayerLauncher.exe

pid	process
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe
4692	RobloxPlayerLauncher.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	pid	process	target process
PID 1036 wrote to memory of 4548	1036	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 1036 wrote to memory of 4548	1036	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 1036 wrote to memory of 4548	1036	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 1036 wrote to memory of 4692	1036	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 1036 wrote to memory of 4692	1036	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 1036 wrote to memory of 4692	1036	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 4692 wrote to memory of 3872	4692	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 4692 wrote to memory of 3872	4692	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 4692 wrote to memory of 3872	4692	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
1⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:1036

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=142432bbee131ec1e680ff4280b83f65c7d4b91b --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x7a0,0x7a4,0x7a8,0x768,0x774,0x7b0af4,0x7b0b04,0x7b0b14
2⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\RBX-486981CF\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RBX-486981CF\RobloxPlayerLauncher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4692

C:\Users\Admin\AppData\Local\Temp\RBX-486981CF\RobloxPlayerLauncher.exe
C:\Users\Admin\AppData\Local\Temp\RBX-486981CF\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x70c,0x710,0x714,0x688,0x6e4,0x9ab480,0x9ab490,0x9ab4a0
3⤵
- Executes dropped EXE
PID:3872

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize
2KB

MD5
76cdfa1e64786cf8a512565aa156d674

SHA1
c34fdc21105fbc45b3b7b2bdc56a22e3806b3b9d

SHA256
4d24972297733d46782d4bb9ec3095429d308ed0598508eedff9b6b73e49f909

SHA512
ce1266af7dc4661f200f33268adbdf57ce5454693068d966fd12066d2d9acc71b4338129564350a49effaefefbd25b8483391d63b0b870f1d5625e880279fb91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
afeb947700934e6495db2ef5ea714989

SHA1
04b3bf94f26b6721dbcc1a82bca036c02a911c49

SHA256
4f5e96a0e628ca7309c330d38643b917c965130949cef8fa342f2f478341f187

SHA512
ddf567306b9ea5439efc12896df20f05568694fd645641f98a1a156e58948e82fd06649a6f0f1ac37b176f5c52d99ddd25d72ec0d63c85ee8235b2c1a5e3bd70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701
Filesize
472B

MD5
ea599180805480f5f3c4a5aeaf9fa5ed

SHA1
3384c93bf6926b7141c269f9fe5a3b45ca6312dc

SHA256
57b2f1eb3795614be85f623ac1efbe436502c01c280a955f34e7b9725cafcbe2

SHA512
86a55bf900e39606afa9765d7f02c67f8ff88f12db14718f159f8d462590f30831ef621ff1dc6be6a57ae962fccf4eee78b6d318f784bc1c6622ba85b3a505b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
1KB

MD5
6a3b8331e801f083b403b0857ed8d574

SHA1
48d275731f1dbd0630d1ca55a1b05f149a011d1f

SHA256
98651a2da4a4613bc2a03c4128926fe6b05f1af8a7a21e1fedec75db013706a0

SHA512
7527b8857707c8822e4b7f5049ddc9b4c49933e68535690746d84b7f0187a10f36e874719bdb1bf3ba8b035568a7cbafd687b80c4621dc35552d73f7e497071d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
21ed9ca0f4579a63723066fab3cdb1e9

SHA1
625f8780cba0177fa7d9b747df0bd45511ddc900

SHA256
818a6653f6011a83d251998208826644fe68d228a739c87ec14e470e10817889

SHA512
203e8fa995dfd86617536e1fc445fa1fdfbc0ec462d238cfbfe1d03c81b51c81297335c4c54503070c25897858fbedd659c348ab994f9195635ff75a0f3ecda4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
71288df6e69e139111a733ad7b94866a

SHA1
9f756b5bdddb2eae7e7bf2678440117026ea8b54

SHA256
7441007a5974bcfdee443d0c1fe1c40d7e7f454fc0712501eb7abda978877837

SHA512
efab7742dd31b5397da0bf2940e9bb8de89702c39b6f062194caa33b31346ee646a3b4c622e9bc42b4ea9ed94772098476a5e87ccdfd8af0be58a7a153ffc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize
488B

MD5
c4ffcfb3c003a910e26084f3b24453ba

SHA1
2af285731143d8ed93bdbb15c673ce6fd634a69b

SHA256
f9f477a5c51fdf0ddfaafd28bbf79a1b52d0231c18de00da82a61a4cae9eea91

SHA512
fb9cf2e6bc6b18b296801cc3e1be2f6bf4c7b45c0a9af7f16c51ddc29008c28f2fc000e7a524099650903124bbdfa64dd7b11c5537394be0ea0e0ea884a19a0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
254f3a76cde226399e83a64558b7f126

SHA1
49cdaf5f178fb90444c62823c155d5f9f9bdc16a

SHA256
ace7a968360c70eb723ebe77e620347f1a03e1bca45b55175d56f50a4c4b972a

SHA512
bcd7a18c448c4acdb703a10cb189ccd85418f466995c67ec39f9970c2b58fa8ae7901cd513d538ac4c6ca9f9a87dacaa0a72569610b862d6cbcf6d2e13fe8a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701
Filesize
496B

MD5
2565cf27315dee24876ef7b83aa72428

SHA1
b90aaf739a2a78239d1d377a1c96b200e69e4bd5

SHA256
fd0c0e717aa74647b6ba60e4b8195cff44140b73710de4e7a908112776eff0ea

SHA512
ba3f7d63f2d85d6b8803fe4d284d8205f5e569d31d92ebef49ebcc8d17d8d54a70314c492650fad57d04083db98afbac3c02b73b4242f9e5283f1594319ba0a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
482B

MD5
6632c80ac5104c4b14e4e489832fbe23

SHA1
c44d493adaf4156f3436daf545c680e9a1bf5c27

SHA256
81df2711af4abdf93fe433be8384b30c3f67c4255a9488e18f87ace798e7f9e3

SHA512
59eafc1aa10f55ce6bd4f0d7184994c72ea318a8d7cc08e5b134eef6c9e6029a1f3aace0e93f83314d9bd3dcf0e724f9e5b5a2df2e98288324ab03533c8cff31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
b94ec8641a96d1b0d5b7ee6837a95d39

SHA1
6c12914f2c9c230dab71f9e39182634144b09f4b

SHA256
3e9cbc0a8b99d0d8e9c81a4cbc47e57112d2ef0fb5ca034cd1a08c3e4f9497ed

SHA512
45e8f6a5f797bd5fe8bb0634cbdc77965de5ce235178e0c722dfd26116aba281ad5fab8671514e0e2fe0fffaa84918f662959f2e27464505cf8f04f2e973c56f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
7d729418bd4e910777b489ad87e6b969

SHA1
f31d5aaadfabfbfb139ceef4edd578cec8a6c95b

SHA256
153c92c7b004f3215b5075656834d5f450a7be8469b987666f1c5086a99e0f3d

SHA512
de81c1c0dab55df21dd2c65acbdddaa984e045cfcee82165807a04c4e8c1269eb8264b193fe63c7b9d6d6078af32cf59fafab2ce5dddd80099c998d0c6259237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\PCClientBootstrapper[1].json
Filesize
2KB

MD5
98829de48b76b3fef50cc5945df07982

SHA1
1e42e241def41819b8edc0db1fe8fb41d438d40b

SHA256
2a8e8d412afe68f2bb61d45e35238caa5656e7b664c2eae31891f0a540a6f727

SHA512
0a20bfbede0707e678e4204d2ed0f4a8eb0c2221b4053aae98370843d96f90ba496756e51d41ce573d8cece97a60ea62c4470750a1b03dd5c25da1a9db293b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\BatchIncrement[1].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\version-be30b823d3fc46a0-rbxPkgManifest[1].txt
Filesize
1KB

MD5
5e596a21c9d7f8853210c9fe663f7692

SHA1
8616e612cb6a03b38cdecbbd5e501f1f6165bc7c

SHA256
99c051dda1bae6f9b7d4a5ca411577ed77c354b7004513005406a113d91e0d67

SHA512
46c28501905650364ab18d6cbcbcda2a291c3a4850d5c5137278beacfd1436dbf495942491da057751910bbd3046e810503fee7cb2cf8003e0622ad4b7fcb9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\WindowsPlayer[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-486981CF\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-486981CF\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-486981CF\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Filesize
40B

MD5
51e625a68b4c6df3188f5e818d37241f

SHA1
2dc1607caff9b6eb7bafcda31b98c4bf3a2aa751

SHA256
ac5c3f3814a9898bb58689ad7e789992fbc7d038e622ec5018c6123e78d51afe

SHA512
cdbd5f2d38b731fc5785c68409a713cecccff3435fb612932391e3784e7402c0ff22ae817a8f7b50f644009cb61e508ba81a7be8302047106c7e6575709de77c

Download Submit