b672e59bb345d12ebad37d174cfb2a581ddaa1626f1d52076696d5bdb1b3bdd6

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerLauncher (2).exe
Size

2.0MB
MD5

ffe818bb675c441ae967cb0fb85b56d5
SHA1

d1ca6c9bff52d2249698919bc73462f2de2bb284
SHA256

b672e59bb345d12ebad37d174cfb2a581ddaa1626f1d52076696d5bdb1b3bdd6
SHA512

66e5590134d575af49c810979c35d6f6254226ec712e7413525b47bc15082aba904b9b475ce270586ed1f378e5efb5af5d8924f3e86451b44c96f70a59b65963
SSDEEP

49152:EZbE3RF3Qm9zVOfmTNtTMvapMagMTz+MPPMQ3dSK/T7ob60VWg:E5Ugm9YfmTw+ob5

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher (2).exeRobloxPlayerLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 2 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

pid process

3756 RobloxPlayerLauncher.exe
1236 RobloxPlayerLauncher.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher (2).exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher (2).exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\getNameColor.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\icons\ic-back@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ApolloLocalState\ApolloLocalState\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Emotes\EmotesRadialIcon@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\Misc\MuteAllSpeaker@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\PlatformContent\pc\textures\glass\reflection.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\cache\core\types\Cache.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserLib\UserLib\Actions\SetUserThumbnail.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Localization\Localization.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestEnvironment\JestEnvironment\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-a406e214-4230f473\ReactReconciler\ReactFiberReconciler.new.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ApolloLocalState\ApolloLocalState\typePolicies\Query.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Flags\getFFlagAddFriendsRecommendationsEnabled.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Roact17UpgradeFlag\Roact17UpgradeFlag\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Settings\Players\ReportFlagIcon@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-1.2.3\LuauPolyfill\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactDevtoolsShared-a406e214-4230f473\ReactDevtoolsShared\types.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Cryo\Cryo\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ApolloClientTesting\ReactTestingLibrary.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\installReducer\VerifiedUsers\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\ProfileEntry\default.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\InviteLinkExpiredModal\Localization.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\MessageToast\RoactRodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserSearch\SocialLuaAnalytics.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\GameSettings\delete.PNG	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\ChatWindow\UI\TextMessageLabel\TextMessageLabel.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\FocusNavigation\Utils.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\execution\__tests__\union-interface.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\utilities\TypeInfo.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\InGameMenu\GenericController@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\PlayerList\ViewAvatar.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VirtualCursor\cursorDefault@3x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\countParticipantsInTextChannel.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SystemInfoProtocol\SystemInfoProtocol\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaApp\icons\ic-more-profile@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\ChatWindow\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Events\AvatarContextMenuWhisperSelected.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AnimationEditor\btn_removeEvent.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AnimationEditor\menu_shadow_side_right.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\DeveloperFramework\AssetPreview\close_button.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\VoiceChat\MicDark\Connecting@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\DomTestingLibrary\queries\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-90b08185\LuauPolyfill\Array\findIndex.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-9c8468d8-8a7220fd\ReactReconciler\ReactFiber.new.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\GameSettings\CheckedBoxLight.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserLib\UserLib\Actions\SetUserThumbnail.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\ui\Slider-BKG-Right-Cap@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\JestRuntime\JestTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ReactProxy\ReactProxy\Shared\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-24c5c11f-f6df649b\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Button\StickyActionBar.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\Utils-debf4142-0.2.0\Utils\prune.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SMSProtocol\Promise.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\content\textures\AnimationEditor\ic-checkbox-active.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\Commands\getAutocompletePlayersFromString.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\roblox_lumberyak-5fead8c7-0.1.1\lumberyak\MockLogger.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\roblox_rodux\rodux\createReducer.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\UGCValidation\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\installReducer\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\textures\ui\LuaChat\graphic\gr-overlay-shadow.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-90b08185\LuauPolyfill\Array\shift.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\ExtraContent\LuaPackages\Packages\_Index\NetworkingUserSettings\NetworkingUserSettings\createRequestThunks.lua	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe

Modifies registry class 36 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-be30b823d3fc46a0\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

RobloxPlayerLauncher.exe

pid	process
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe
3756	RobloxPlayerLauncher.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

RobloxPlayerLauncher (2).exeRobloxPlayerLauncher.exe

description	pid	process	target process
PID 3592 wrote to memory of 4440	3592	RobloxPlayerLauncher (2).exe	RobloxPlayerLauncher (2).exe
PID 3592 wrote to memory of 4440	3592	RobloxPlayerLauncher (2).exe	RobloxPlayerLauncher (2).exe
PID 3592 wrote to memory of 4440	3592	RobloxPlayerLauncher (2).exe	RobloxPlayerLauncher (2).exe
PID 3592 wrote to memory of 3756	3592	RobloxPlayerLauncher (2).exe	RobloxPlayerLauncher.exe
PID 3592 wrote to memory of 3756	3592	RobloxPlayerLauncher (2).exe	RobloxPlayerLauncher.exe
PID 3592 wrote to memory of 3756	3592	RobloxPlayerLauncher (2).exe	RobloxPlayerLauncher.exe
PID 3756 wrote to memory of 1236	3756	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 3756 wrote to memory of 1236	3756	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe
PID 3756 wrote to memory of 1236	3756	RobloxPlayerLauncher.exe	RobloxPlayerLauncher.exe

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (2).exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (2).exe"
1⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:3592

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (2).exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (2).exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=zflag --annotation=RobloxGitHash=1c1d562e2b76ffbba00795ff3ab1415e381b3d0d --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x79c,0x7c0,0x7c4,0x7a8,0x7b4,0xbbf810,0xbbf820,0xbbf830
2⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\RBX-5634925B\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RBX-5634925B\RobloxPlayerLauncher.exe" -channel zflag
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3756

C:\Users\Admin\AppData\Local\Temp\RBX-5634925B\RobloxPlayerLauncher.exe
C:\Users\Admin\AppData\Local\Temp\RBX-5634925B\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=zflag --annotation=RobloxGitHash=b30562552e929b28b3892128001fd4fb6e2722a8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6f0,0x70c,0x710,0x6ec,0x72c,0x3db480,0x3db490,0x3db4a0
3⤵
- Executes dropped EXE
PID:1236

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-be30b823d3fc46a0\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize
2KB

MD5
76cdfa1e64786cf8a512565aa156d674

SHA1
c34fdc21105fbc45b3b7b2bdc56a22e3806b3b9d

SHA256
4d24972297733d46782d4bb9ec3095429d308ed0598508eedff9b6b73e49f909

SHA512
ce1266af7dc4661f200f33268adbdf57ce5454693068d966fd12066d2d9acc71b4338129564350a49effaefefbd25b8483391d63b0b870f1d5625e880279fb91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
9bf77ce85a5a981d86a0f7a4672ba22b

SHA1
62fb7e9f8b763de11a63a156c847e7df4dde7fad

SHA256
44ed3a7243fe9995a4439683d11971670eb00101c3832ad30db5242560b2b354

SHA512
2ead42546c80b3dbb87ac93f1324c85fc0bfed5a7c51a1217993c18d43886a9e7580a80ba9a2b6ec4c7eefd23d274fce561845ab508b427afc906ad594f58e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701
Filesize
472B

MD5
ea599180805480f5f3c4a5aeaf9fa5ed

SHA1
3384c93bf6926b7141c269f9fe5a3b45ca6312dc

SHA256
57b2f1eb3795614be85f623ac1efbe436502c01c280a955f34e7b9725cafcbe2

SHA512
86a55bf900e39606afa9765d7f02c67f8ff88f12db14718f159f8d462590f30831ef621ff1dc6be6a57ae962fccf4eee78b6d318f784bc1c6622ba85b3a505b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
1KB

MD5
6a3b8331e801f083b403b0857ed8d574

SHA1
48d275731f1dbd0630d1ca55a1b05f149a011d1f

SHA256
98651a2da4a4613bc2a03c4128926fe6b05f1af8a7a21e1fedec75db013706a0

SHA512
7527b8857707c8822e4b7f5049ddc9b4c49933e68535690746d84b7f0187a10f36e874719bdb1bf3ba8b035568a7cbafd687b80c4621dc35552d73f7e497071d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
21ed9ca0f4579a63723066fab3cdb1e9

SHA1
625f8780cba0177fa7d9b747df0bd45511ddc900

SHA256
818a6653f6011a83d251998208826644fe68d228a739c87ec14e470e10817889

SHA512
203e8fa995dfd86617536e1fc445fa1fdfbc0ec462d238cfbfe1d03c81b51c81297335c4c54503070c25897858fbedd659c348ab994f9195635ff75a0f3ecda4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
471B

MD5
84b1f477c90dbeb15a36b2ccac368a13

SHA1
98258bc6548a59dbdbf2baedc3a8ba94140c7d57

SHA256
00af63b52d5ab007911925c905af313aefb5f6b61e8dfd17bed35abf8b0786ef

SHA512
ab277579fb932eb95fb2b84ec4e8c12aecc196113e24d6cea3a7d182af20266a8997dd55ccf878c8e65332ae081635e8420da84fe13b2908087e8c46054ccc8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
71288df6e69e139111a733ad7b94866a

SHA1
9f756b5bdddb2eae7e7bf2678440117026ea8b54

SHA256
7441007a5974bcfdee443d0c1fe1c40d7e7f454fc0712501eb7abda978877837

SHA512
efab7742dd31b5397da0bf2940e9bb8de89702c39b6f062194caa33b31346ee646a3b4c622e9bc42b4ea9ed94772098476a5e87ccdfd8af0be58a7a153ffc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize
488B

MD5
71495c4d25708be383bced400c21624a

SHA1
d973ee06e532da9560f3f0e45d92228600e21a52

SHA256
38ba633e91c5b0df79987219474f9cb1022e9d79504be8acba152684558a134d

SHA512
796181174c9915415913bde94653a98f0f8e82a1911db38c0600aecbac542b1b4016238e851a11fae96c8d7703207c4a1303022cd872236deaa1b7e8f2f9aa73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
662411c21c81e499e1ac13ba40c95429

SHA1
f7ae534fc43908e940333b22e50f85948856e79a

SHA256
f800b6bd68a0916507aea4803da43d91bc9bf9559885c7a91c7af2a0501ea7d7

SHA512
3d82dc7668fe9ce3323cc7b7d0d2ef0ee8a321a026816c2cd5bbddc4848f47ed72b470cfc346ada1986e6e929ad985a08800749d9e012874d1a111e5fee0aa6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701
Filesize
496B

MD5
1e8646b471fdfed9fe082b1b357d4763

SHA1
ab7cec0af9cb2f5075cacec87c6d6874e50eb81e

SHA256
46f36ffe0beb576f6565ed06d2e319954d0dd0a8351257b8316eb0e7e10ddd52

SHA512
e544b6fb939cba55e8ebe1bb48f20d3d578be6dd34d7259ead581a82a8cac0230820b8a95e6a0b11851edbe0c3978a86e86125d17a8512d1a588b0d49a9ce9f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
482B

MD5
66346ee749f7b00b06bb86d0320782a3

SHA1
da4c850299ae9c7cc022120c7b97d819b1153b58

SHA256
f10b831065249923feba4f0722b610d536761fac4cc46815f4267a5b75d9cba0

SHA512
3f5709a5df455939e94d7769930080a051c431afae736b5883f1f82ef03d0115c60e3f073c8dea1bf34d3eb7388e6b62a6c0b92785d169d04f82632dd1f4b06f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
430B

MD5
a59f8c60ec86f18b580614967be6af5a

SHA1
a59cf26e7b68fd449cbff8329e6638636d701c48

SHA256
d850235f57d98d58288210ee162353cc08806c0c3798d10a0238dba871dc198a

SHA512
258dad5b5d3e8c1f3082b30f139af257cb2aa3a7649f5aa2201bf8b674d1c38775d44e3a85e4e1a85e45a7f617d9d50a2b26b129930e7a0b5e3eb36bb3158732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
434B

MD5
95ba7affef7b25def9fd3704249da37f

SHA1
15f68aeea12fb9a49fb5a944418fa1f0a64392fe

SHA256
1016455e785d506f91ebf123ac771df8d270540293a901b2bcb083c8ce9bee18

SHA512
1dd14832bacc38d4e843fde55c0499a687b93d1a865727db430b473497a82cad308bf71bbf456a89b2d25b0ea7e96b2d8111beb7b4408894400eaf0611ae3b8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
43b5b984a053b2049f50678b8abc0abe

SHA1
68176093c64302a7a433291c47d2068029221f13

SHA256
0617d8fc4423c821e4b93a28b4255d81745d302a221fc1aa49b75d42bf4ea185

SHA512
85f48d62fd93336a0834fd518c3324d877eac8d5d7812c29f9f7090b649377d1fa9d2db1c66caf349224baf01b296fa0cec0da7ce9a54b451a8cef7f69e69297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\zflag[1].json
Filesize
7KB

MD5
a633bb3d2b386965e1f5c0fbd5e2e583

SHA1
6d81603616d5546785c19dcbce6931885da5e015

SHA256
875309fbd7b5922c9f51fb4f2b5363ab727308d3152285d4ecf8526650d31a29

SHA512
e7569777b749284be03c62dbe9a42178b8b61cdb92aabb96802820eff30ab9e59ec41a05c69449d98184931f30dc43ec10bf191196f5dfba8643d970b64b8dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\zflag[2].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\version-be30b823d3fc46a0-rbxPkgManifest[1].txt
Filesize
1KB

MD5
5e596a21c9d7f8853210c9fe663f7692

SHA1
8616e612cb6a03b38cdecbbd5e501f1f6165bc7c

SHA256
99c051dda1bae6f9b7d4a5ca411577ed77c354b7004513005406a113d91e0d67

SHA512
46c28501905650364ab18d6cbcbcda2a291c3a4850d5c5137278beacfd1436dbf495942491da057751910bbd3046e810503fee7cb2cf8003e0622ad4b7fcb9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\BatchIncrement[1].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\zflag[1].json
Filesize
119B

MD5
8e7e1124df5cb13bde562332564be4a4

SHA1
37314dc17a1a5635581abbaedff6ab677469a334

SHA256
fca98f982f815aaa96f89bb30515e35e5dde746fcd175fe987d5d885d0a8b4b0

SHA512
2f16df7776ff2d8e3ec1288ecc9f333553e875c2040f83677a1ca0b6f0ad664b957a0a71001f11cd5721a13c1b0a38e1cce29239c772ced1b9ca689b474b1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\PCClientBootstrapper[1].json
Filesize
2KB

MD5
4b220deaf4fd3370c2b7ddbb2a541549

SHA1
8a198376e29b37bac2837f8ccedc85a583738ca5

SHA256
d40df69638475cba8ea684bd7bf6bacba879cdcb8ed94dcfbda7ded17af5e2a3

SHA512
1d5f193f9fff2e3147dcdfe33914be803a26dd131bcc3c65b9c132f3c8bcaa0fa2cc81fa9efaed7b6374775a8aa7efd20d13065de483210865742b056759bfbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-5634925B\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-5634925B\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-5634925B\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
6b68f3be3850e9b2ac03bad9f4de5b88

SHA1
57c59090e38d6e0128874ed93f53a4e3c65ee47b

SHA256
159a30c008bb234af56a7c786cb5352e7b96dc62fac6b2ca2ea7fa75fc6841b7

SHA512
de8b266ef96aec59987e025dfccd51d8bd91e7e4523c6bc4ccab73de5819b429033da773c1f155e98607d1d60bd63e1b07deca2b454493bd5b8122cc265bbeb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Filesize
40B

MD5
00ba863cc19369fae12a808ac2c7d818

SHA1
4c56b8e49120a11ecb6dca0330cd0ff398ddacd2

SHA256
70b8df1b8fda1c57fddf4590f24e71587b3f14e0efabec7f6315b4472001a751

SHA512
27e075f592df2d180e298fc04625859a1e48f2f80b4f40151ccfb87f56eb4c9cfbca065ec9d727daea934ac68478a4fc3683cbe4873329184d50c0bc1b22a21d

Download Submit