47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

Resubmissions

02/04/2023, 15:34

230402-sz1smsad41 8

02/04/2023, 15:30

230402-sxnqasha57 8

Analysis

max time kernel
239s
max time network
252s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/04/2023, 15:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

RobloxPlayerLauncher.exe
Size

2.0MB
MD5

ea422ffc74fbfbd6d980ae8e4d3513e8
SHA1

1f1b01250bbab5d1b893add52c1d6654336c2f00
SHA256

47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a
SHA512

806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3
SSDEEP

49152:oUvIzhIhn1g5yca9e3jTITTMao+8k1TymMYPMQ3dS/BT79b6XrvZ:oSnhn6yca9ezCY9b4

Score

8^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe

Executes dropped EXE 3 IoCs

pid	Process
1104	RobloxPlayerLauncher.exe
1816	RobloxPlayerLauncher.exe
2016	RobloxPlayerBeta.exe

Loads dropped DLL 22 IoCs

pid	Process
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1104	RobloxPlayerLauncher.exe
1104	RobloxPlayerLauncher.exe
1104	RobloxPlayerLauncher.exe
1104	RobloxPlayerLauncher.exe
1104	RobloxPlayerLauncher.exe
1104	RobloxPlayerLauncher.exe
1104	RobloxPlayerLauncher.exe
1104	RobloxPlayerLauncher.exe
2016	RobloxPlayerBeta.exe
2016	RobloxPlayerBeta.exe
2016	RobloxPlayerBeta.exe
2016	RobloxPlayerBeta.exe
2016	RobloxPlayerBeta.exe
2016	RobloxPlayerBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\IAPExperience\IAPExperience\ProductPurchase\ProductPurchasePrompt.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestConsole-edcba0e9-2.4.1\JestConsole\BufferedConsole.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestConsole-edcba0e9-3.2.1\JestUtil.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-0ba25b72-b001fcbe\NetworkingBlocking.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-492710c6-1e7909bf\RoduxFriends\Reducers\Friends\utils\addUser.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Controls\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\ChatWindow\UI\ScrollingView\ScrollingView.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\ImageSet\ImageAtlas\img_set_2x_11.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoactRodux\RoactRodux\join.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Shared-a406e214-4230f473\Shared\ReactFeatureFlags.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RobloxAppLocales\RobloxAppLocales\Locales\cs-cz.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\ProfileEntry\withPremiumUser.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\StudioUIEditor\icon_resize4.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\btn_newBlue.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\DomTestingLibrary\wait-for-element-to-be-removed.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestCircus\JestCircus\circus\testCaseReportHandler.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\PrettyFormat-edcba0e9-3.2.1\JestGetType.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxContacts\RoduxContacts\Reducers\Contacts\utils\setContactsInStore.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Http\Http\Utils\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\models\LayeredClothingEditor\PartHeadTemplate.rbxm	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\Dev\ReactDevtoolsExtensions.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\utilities\common\arrays.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\RoduxFriends\Reducers\Friends\requests\sourceUniverseIds.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AvatarExperienceDeps\AvatarExperienceDeps\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\SocialTabContainer\mapStateToProps.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\icon_following-16.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\GraphqlTag\LuauPolyfill.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-aa874f8b-86a611f7\RoduxFriends\Reducers\Friends\requests\byUserId.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\ImageSet\getIconSizeUDim2.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\ErrorReporters\Backtrace\BacktraceReporter.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestTestResult-edcba0e9-3.2.1\LuauPolyfill.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Shared-a406e214-4230f473\Shared\ReactSharedInternals\IsSomeRendererActing.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Text\ExpandableTextArea\ExpandableTextArea.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DiscoverabilityModal\Dev\SocialTestHelpers.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\PlatformContent\pc\textures\water\normal_14.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\AppContainer\Logger.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UGCValidation\UGCValidation\validation\validateTags.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\loading\robloxTiltRed.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\tutils-aa9a0351-0.1.2\tutils\checkListConsistency.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Dialog\Toast\Enum\AnimationState.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Components\LoadingBar.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\Localization.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ReactDevtoolsShared-9c8468d8-8a7220fd\Shared.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\InviteLinkExpiredModal\Dev\RobloxAppUIBloxConfig.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\installReducer\PremiumByUserId.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\__testUtils__\__tests__\inspectStr.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestEach-edcba0e9-3.2.1\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\Boolean\toJSBoolean.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\FriendSuggestions\Components\FriendSuggestionsContainer\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GraphqlHttpArtifacts\GraphqlHttpArtifacts\virtual-event-integration-success\apis.roblox.com\get-virtual-event.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\UserCarousel\Components\UserCarouselContainer\UserCarouselContainer.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\mock\mock\resetMock.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxContacts\RoduxContacts\Actions\RequestSent.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\ReactFocusNavigation.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\language\visitor.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\polyfills\objectEntries.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Merge\Merge\typedefs-mergers\type.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\NetworkingContacts-96003ad7-1.12.0\NetworkingContacts\networkRequests\createFindContactFriends.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameIconRodux\Http.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\InGameMenu\ScrollMiddle.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Actions\SetDeviceOrientation.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Dash\Dash\None.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Shared-a406e214-4230f473\Shared\Symbol.roblox.lua	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 17 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\ProtocolExecute	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe

Modifies registry class 50 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee404000000010000001000000091de0625abdafd32170cbb25172a846720000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e309000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
1408	RobloxPlayerLauncher.exe
2016	RobloxPlayerBeta.exe
2016	RobloxPlayerBeta.exe
2016	RobloxPlayerBeta.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2016	RobloxPlayerBeta.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2016	RobloxPlayerBeta.exe
Token: 33	1772	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1772	AUDIODG.EXE
Token: 33	1772	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1772	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2016	RobloxPlayerBeta.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 1552	1408	RobloxPlayerLauncher.exe	30
PID 1408 wrote to memory of 1552	1408	RobloxPlayerLauncher.exe	30
PID 1408 wrote to memory of 1552	1408	RobloxPlayerLauncher.exe	30
PID 1408 wrote to memory of 1552	1408	RobloxPlayerLauncher.exe	30
PID 1408 wrote to memory of 1552	1408	RobloxPlayerLauncher.exe	30
PID 1408 wrote to memory of 1552	1408	RobloxPlayerLauncher.exe	30
PID 1408 wrote to memory of 1552	1408	RobloxPlayerLauncher.exe	30
PID 1104 wrote to memory of 1816	1104	RobloxPlayerLauncher.exe	36
PID 1104 wrote to memory of 1816	1104	RobloxPlayerLauncher.exe	36
PID 1104 wrote to memory of 1816	1104	RobloxPlayerLauncher.exe	36
PID 1104 wrote to memory of 1816	1104	RobloxPlayerLauncher.exe	36
PID 1104 wrote to memory of 1816	1104	RobloxPlayerLauncher.exe	36
PID 1104 wrote to memory of 1816	1104	RobloxPlayerLauncher.exe	36
PID 1104 wrote to memory of 1816	1104	RobloxPlayerLauncher.exe	36
PID 1104 wrote to memory of 2016	1104	RobloxPlayerLauncher.exe	38
PID 1104 wrote to memory of 2016	1104	RobloxPlayerLauncher.exe	38
PID 1104 wrote to memory of 2016	1104	RobloxPlayerLauncher.exe	38
PID 1104 wrote to memory of 2016	1104	RobloxPlayerLauncher.exe	38
PID 1104 wrote to memory of 2016	1104	RobloxPlayerLauncher.exe	38
PID 1104 wrote to memory of 2016	1104	RobloxPlayerLauncher.exe	38
PID 1104 wrote to memory of 2016	1104	RobloxPlayerLauncher.exe	38

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
  C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5bc,0x5c0,0x5c4,0x59c,0x5cc,0x6db480,0x6db490,0x6db4a0
  2⤵
  - Modifies system certificate store
  PID:1552

C:\Windows\system32\sethc.exe
sethc.exe 211
1⤵
PID:988

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" -app
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5e0,0x5e4,0x5e8,0x5a4,0x5f0,0x155b480,0x155b490,0x155b4a0
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe" --app
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2016

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1772

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1340

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:568

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\AppSettings.xml

Filesize
149B

MD5
48f58abeaac832f838efd2beb25f4c90

SHA1
7878e28b62e5d9bc9042a3e44094e39668f03384

SHA256
893a58e7946728c9dd5caac10e5bdc306a465e406c1f979ded52a13dafebce2d

SHA512
c5e3025b63eead12a0f8192ea41afd1216dd87b14a07d22ebafc6d3d899a06e80da947b3fcd1b3f2cf53b89b3de9967f89c415394d66c277556373b620dc827e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
1KB

MD5
113f1cfd4e6a8d9ddf59d9f2209a71ef

SHA1
512da6cfe2a0513799764ddc68daba4c4893e1fa

SHA256
5ced92647584a33645223dd7fc28274d9321a27db1dce1191dfe0cd363100820

SHA512
5dcdbff46923d68aedb3409dcb3f1f32beefa863be29ed062457336aaa16907248c953d757e1c3124e6d298e124fe6994561c6595be10fe183f156824f9542fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
d1bacd6c41c109c7b868f76aeb24db93

SHA1
fbad0d4fe6ef4b7d27b5d56d7ce167cf190726ea

SHA256
a12c36f7c4c4f34421d27e99c410bd281f018137c985dc19012ed99014324a1e

SHA512
195a59bfced297364c73c3f1a5f43e955b65ae9d0ba1c1cb4d703bfa95c59be6f13e7509978e0ab03755b82a64a9d804199dc6d92a75e7e2b23ddb3b1d31a634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
0a94282d52d192cf12df2c6feb4a29bd

SHA1
03210eab758ff86ab7adc1cfd0372a3d683bc299

SHA256
b94edcc12eaca90b60f221528e60ab6059f5ef16e81417e82643dbce160f6222

SHA512
202ede607a1d31c6ed5c2567da4e9339b4986785cedf5fe3e8f1fce689a25ccec4986a47b809f64fedc6be4593ac72106f19c6800bd6fb2fa92fa6323a56bdb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
0a94282d52d192cf12df2c6feb4a29bd

SHA1
03210eab758ff86ab7adc1cfd0372a3d683bc299

SHA256
b94edcc12eaca90b60f221528e60ab6059f5ef16e81417e82643dbce160f6222

SHA512
202ede607a1d31c6ed5c2567da4e9339b4986785cedf5fe3e8f1fce689a25ccec4986a47b809f64fedc6be4593ac72106f19c6800bd6fb2fa92fa6323a56bdb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
92a7337349762a6d29eddcbdb209a343

SHA1
144cc11d71f5104a4ef8cecfca71bd9b8ae8be2d

SHA256
3c96b85b410706551b36a5f81c7230b32d5af624c14ffaf77e797a24e26ba8f7

SHA512
874eebaba2c8e8b4d13f64a874bf400d5119926cf85280f1bdf94309326c975f821a66e125446068b86715bee2240bb17f291878e53ad3d0cdb207e3ad64e6b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
f0d447fede5f14afe939cbfdc4a06a6c

SHA1
463d7a174767379caa9895bb324fa7a8c9cf63a4

SHA256
f9bf1e8276f834706e81f4e93270f347ba954333ae97f602d587548c33ff433b

SHA512
346c924d6d094b08ecd39f8e715d4e6be63771f6ee954eb6a03ee4e4498cda99ce379d9efe5e878a7909fcd668431bcfd2d5f294ea03bd9b221c2831aa5509b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae7cf00453fc880e9e7b75098c453d0d

SHA1
267c71ce8064c1cde14d5a9fabae2e655c895f75

SHA256
9654b4438ebdb591df77602e20bc34fc2e088124e484880f1c61fbf134aed20d

SHA512
731abf72cbe1f8129e979d62466432a7e25809ed888343319901330ffedbf5beb8803a2bde3b6f12c3e3c6b137472241f479a435820f0d2c424a7641e7096b13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc6fa83ee5720a04dd3a3e27fc15ce82

SHA1
067288a302636996c4a04dad07631e8e979aea20

SHA256
04c75d2b06ef5913211ed583fe28c0943f24feb2caf8733e9624ad66c0fc919f

SHA512
b886067b1ccde11dd71613e01bdfed5f9b30754b52bf70c193e90ffa77a2f9581149ec3bc51741c08500bf6cfc531c1d592c0813175756246ef64e1206bbc4ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d222b78f28ebbc6959a9f2dd2f3db330

SHA1
d82c5735e9048add648a1bfcdcaeba88dff989df

SHA256
cd9c330cf56ef9b5c1bdafd3d3e9a518cb418c35d3bcec24a070385fdd434231

SHA512
f27ef0ee123eb240cd39bb5b8a60e850d72fbb61f4058105c3b43c0c569cc33ea397acb7d98a8d5cb53e603d7a9067fb209bd99bee001c342e90d88515c9e07a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
a19172ba6cf4d8f4b53fdeac5f7b7b33

SHA1
ba190ce3336e767f03b2e08ec2d6cf96dbdfeba5

SHA256
a6df8c8ecb7861d052c2d2c0a454dd4a473ff52ef6a2369c8400e31f930d27a1

SHA512
6e2acdf154431c3becf7784c934b7b224cc66b007a9677d8b18b1558791f780fc48e1a9454b1d52c5961812e8dbba78c90128b825567af8eed88947cbe185455

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
e595f35f9fb909f8a0ad6fb9795272de

SHA1
684754fd593589fae78e0b289e6c0058122a9461

SHA256
61756047f01d8cbeefb5c756c286f10f5c99dc345efeaa7c13e920a5b667406f

SHA512
d23a1b249113bb735a8b397316c70704999e98c1f5d273c0080e979f6fe99db388b093f4a9942e0bf1fa9fa4c5644ecca9b1cfd849399d731d64f7765fc2d0cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
e595f35f9fb909f8a0ad6fb9795272de

SHA1
684754fd593589fae78e0b289e6c0058122a9461

SHA256
61756047f01d8cbeefb5c756c286f10f5c99dc345efeaa7c13e920a5b667406f

SHA512
d23a1b249113bb735a8b397316c70704999e98c1f5d273c0080e979f6fe99db388b093f4a9942e0bf1fa9fa4c5644ecca9b1cfd849399d731d64f7765fc2d0cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d7179e8a982f9279e45c377056ee5f01

SHA1
34e32d3564f585f18ecc820fa4ce08f47062ef94

SHA256
6428da681c558956384473b6c542b86099cb90a1fd8be89faaff17fe30a0b93a

SHA512
b022eea93955251b4d4bc1189ad07d53c59b4b9e1dd01ef011257030d9b6f76cef01cb86823aaf221f14d817e2b35468a861c3879c1401b9c2f5946773e73e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03S7L47X\WindowsPlayer[1].json

Filesize
119B

MD5
efd3cb52d253121d226d4993f3a53fd0

SHA1
066779a7678c6134132c56f9c0e64cb5423711b0

SHA256
d49f693ce8ccf0d4cf1704efe4b60fdec4ef93b455ea6da3fef2d83b6151a458

SHA512
b49042157eb0c5f3024b14093cd9e626992ab59446b67f680d5bc5c6be586df406caecaaa9b33ac3cdd1585f54c68d4fd3fa81227ea86fb5fbfb44fd66779ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03S7L47X\WindowsPlayer[1].json

Filesize
119B

MD5
efd3cb52d253121d226d4993f3a53fd0

SHA1
066779a7678c6134132c56f9c0e64cb5423711b0

SHA256
d49f693ce8ccf0d4cf1704efe4b60fdec4ef93b455ea6da3fef2d83b6151a458

SHA512
b49042157eb0c5f3024b14093cd9e626992ab59446b67f680d5bc5c6be586df406caecaaa9b33ac3cdd1585f54c68d4fd3fa81227ea86fb5fbfb44fd66779ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTB503AZ\BatchIncrement[4].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\PCClientBootstrapper[1].json

Filesize
2KB

MD5
011de36b0efa683882229ecae9b55afd

SHA1
4b437507fb2643fb90fb24d563a64a79cbc84fcd

SHA256
fab50d3c82cab58eabbd914934f8bd56b1d0f270be25c31e29a6c9a92ca42425

SHA512
e04341afe5fd8ed422f5a3aa1386722bea872f49d7c951877d56e38e6db4c549a42156c2b09cf75f7e7ecf66353c5f894b89306046dd16c2f435dd6d5da84e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2011.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2030.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar21BE.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
9f1ee050303f347fc635811b6f5380d3

SHA1
e6d3f5d268524fcc8a45c04503e3c35868646338

SHA256
6a120e2f21db99cd5474d0f9dc67690ad7c082120ecdbd18bb320b8023a8cfc8

SHA512
9cfec96da32078b4c3590c273f600d9d51b209257e73f8e096eb395067b7dbefc825eb130ea03cf0fc0138ac06e916762a9fbf64e3a70d85b3fa4bffe2c80adc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\P5GF00GF.txt

Filesize
68B

MD5
448917bd98fd386cec0441a449b5f4ae

SHA1
b284f153a147744d6f220133ec96d0e922c3e964

SHA256
db4410f30ded3b833d040e3d10e2940adb7a5a3623489831078f992469157908

SHA512
e43cfc10074768d67c719dab39e9eccd2f90218dfcf909fed38fc80ba846fec432470da362ad2af90162d8e71828d8d461ea7fa67438c5ceeb9ba995dfe1fa84

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe

Filesize
57.9MB

MD5
0c905417c84c10e7f50c223ef1db2b1f

SHA1
cb66630b771806c29ffc975d791069715daa4d02

SHA256
32f629e6ff63f1b515ed0d2449bafbbb59639d148aac58b92880747431a49104

SHA512
8c6924c33f16fbc7fb2969f78be35cd25431742b1a6528dbbad7ab9eead8fdb9c8eba58ed80a8187ca981ae0ec8f4cc3b874d77fd9c1edfb58fb7015b512a20e

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
memory/568-467-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/988-208-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/988-261-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1340-466-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/2016-420-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/2016-431-0x0000000005A40000-0x0000000005A41000-memory.dmp

Filesize
4KB

Download
memory/2016-426-0x00000000058E0000-0x00000000058E1000-memory.dmp

Filesize
4KB

Download
memory/2016-425-0x00000000058E0000-0x00000000058E1000-memory.dmp

Filesize
4KB

Download
memory/2016-423-0x00000000058D0000-0x00000000058D1000-memory.dmp

Filesize
4KB

Download
memory/2016-433-0x0000000000190000-0x00000000058A9000-memory.dmp

Filesize
87.1MB

Download
memory/2016-429-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/2016-428-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/2016-432-0x0000000005A40000-0x0000000005A41000-memory.dmp

Filesize
4KB

Download
memory/2016-419-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/2016-422-0x00000000058D0000-0x00000000058D1000-memory.dmp

Filesize
4KB

Download
memory/2016-415-0x00000000058B0000-0x00000000058B1000-memory.dmp

Filesize
4KB

Download
memory/2016-416-0x00000000058B0000-0x00000000058B1000-memory.dmp

Filesize
4KB

Download
memory/2016-457-0x0000000005A90000-0x0000000005A91000-memory.dmp

Filesize
4KB

Download
memory/2016-417-0x00000000058B0000-0x00000000058B1000-memory.dmp

Filesize
4KB

Download
memory/2016-418-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads