3cb2387973d95e8f14981163e2c4c99c1276d76aecd1799817bfea0b853c7dc0

Analysis

max time kernel
29s
max time network
35s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
14/07/2023, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxStudioLauncherBeta.exe
Size

1.7MB
MD5

0d3ad3e8536c7fc109a6e0d7d0f4602f
SHA1

50b2854b85c719219eb90fea2b9840a679dbb951
SHA256

3cb2387973d95e8f14981163e2c4c99c1276d76aecd1799817bfea0b853c7dc0
SHA512

0f22959e4ca8cf3519ac7d0700daa57dcd96d847e111f1b68327fd2b136d622ebd0a1fb6449ab4bfc0acd864a57fd00faf02c0c2d05aeb900f411686638fe2aa
SSDEEP

49152:4Gd7ZRerhHUnGcy3pzM83MgIUwpsRX43TRaWapvM9T3YMoPMQ3dACETfA:4GBZRerhH4y3pzM83MgIe

Score

7^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Control Panel\International\Geo\Nation	RobloxStudioLauncherBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Control Panel\International\Geo\Nation	RobloxStudioLauncherBeta.exe

Executes dropped EXE 2 IoCs

pid	Process
4100	RobloxStudioLauncherBeta.exe
4448	RobloxStudioLauncherBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioLauncherBeta.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioLauncherBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\Scroll\scroll-bottom.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\ErrorTestSets.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Lua\AnimationEditor\Light\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\DraggerTools\Dark\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Navigation\Dark\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\Output.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Clipboard\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\AnimationEditor\icon_error.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Dark\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\Common\Flags\FFlagWaveEmoteOnAvatarContextMenuWithExpChat.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\fonts\IndieFlower-Regular.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\TeamCreate.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Components\Network\ClientNetwork.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\Controls\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\AnimationEditor\Button_Curve_Lightmode.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\GlobalWindControl.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\StudioSharedUI\pending-light.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\Settings\Radial\RadialLabel.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Immutable.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Actions\UpdateAveragePing.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Lua\AnimationEditor\Light\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\DeveloperFramework\UIOn_light.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\CoreScripts\AntiAddictionPrompt.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\AvatarImporter\img_window_BG.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\StudioToolbox\AssetConfig\restore.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\PlatformContent\pc\textures\sky\indoor512_ft.tex	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\TopBar\dropshadow.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\account_over13.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\CoreScripts\AvatarChatDebugVisualization.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\Flags\FFlagUseRoactGlobalConfigInCoreScripts.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\InGameChat\BubbleChat\Themes.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Lua\AssetManager\Light\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Navigation\Dark\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\TerrainTools\checkbox_square.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\TerrainTools\mtrl_slate.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\Common\Url.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\Flags\GetFFlagBetaBadge.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ManageCollaborators\FriendIcon_dark.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\TagEditor\Close.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Placeholder\Dark\Standard\Placeholder.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Placeholder\Light\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\LockCursor.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Lua\TerrainEditor\Dark\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Light\Standard\AccessoryFittingTool.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\StudioSharedUI\dot.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Navigation\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\VoiceChat\SpeakerNew\Unmuted20.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Lua\AnimationEditor\Dark\Standard\Preview.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\LayeredClothingEditor\AddMore_Big_50X50_Light.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Clipboard\Dark\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Debugger\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\Settings\Help\XButtonLight.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\Settings\Radial\Menu.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\Navigation\Dark\Standard\ArrowRight.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\TouchControlsSheet.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\content\textures\ui\Keyboard\close_button_selection.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Components\SearchBar.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Thunks\UpdateUsers.lua	RobloxStudioLauncherBeta.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxStudioLauncherBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxStudioBeta.exe = "11001"	RobloxStudioLauncherBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxStudioLauncherBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxStudioBeta.exe = "11001"	RobloxStudioLauncherBeta.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4100	RobloxStudioLauncherBeta.exe
4100	RobloxStudioLauncherBeta.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 3504	4344	RobloxStudioLauncherBeta.exe	70
PID 4344 wrote to memory of 3504	4344	RobloxStudioLauncherBeta.exe	70
PID 4344 wrote to memory of 3504	4344	RobloxStudioLauncherBeta.exe	70
PID 4344 wrote to memory of 4100	4344	RobloxStudioLauncherBeta.exe	71
PID 4344 wrote to memory of 4100	4344	RobloxStudioLauncherBeta.exe	71
PID 4344 wrote to memory of 4100	4344	RobloxStudioLauncherBeta.exe	71
PID 4100 wrote to memory of 4448	4100	RobloxStudioLauncherBeta.exe	72
PID 4100 wrote to memory of 4448	4100	RobloxStudioLauncherBeta.exe	72
PID 4100 wrote to memory of 4448	4100	RobloxStudioLauncherBeta.exe	72

C:\Users\Admin\AppData\Local\Temp\RobloxStudioLauncherBeta.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxStudioLauncherBeta.exe"
1⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Users\Admin\AppData\Local\Temp\RobloxStudioLauncherBeta.exe
  C:\Users\Admin\AppData\Local\Temp\RobloxStudioLauncherBeta.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=75e94a4b5553853bd615ec818ff02126b395c631 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=0 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6f8,0x6fc,0x700,0x60c,0x608,0x11cd440,0x11cd450,0x11cd460
  2⤵
  PID:3504
- C:\Users\Admin\AppData\Local\Temp\RBX-CC987AE8\RobloxStudioLauncherBeta.exe
  "C:\Users\Admin\AppData\Local\Temp\RBX-CC987AE8\RobloxStudioLauncherBeta.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4100
- - C:\Users\Admin\AppData\Local\Temp\RBX-CC987AE8\RobloxStudioLauncherBeta.exe
    C:\Users\Admin\AppData\Local\Temp\RBX-CC987AE8\RobloxStudioLauncherBeta.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=d54eeff5ddfebd99f3acde55a60ecc06b0ab0dd0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=0 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x544,0x548,0x54c,0x524,0x55c,0x1178150,0x1178160,0x1178170
    3⤵
    - Executes dropped EXE
    PID:4448

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\version-cb457944642b4d94\RobloxStudioLauncherBeta.exe

Filesize
4.6MB

MD5
f485f0b60d93b0e5aa330765728fe8d1

SHA1
9254daf60ba5ce32af57ba27217d628b5a445383

SHA256
ad7e4eecff78f1253ea0d29150caacb7e6d3a743b43881db32619ede3054c9bf

SHA512
1595a81ada9bdebf7eae5a37cc008ff570427cade4ace2fa8ea6e440846fe9420c8e6922eb8e70ba940bf17ba7b2e7540f36efd60e6f1a53b3834bb9f02f1e7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
ea3297e089fbc8b9912ff6c45a083257

SHA1
62c363fc3fdd34f7a930e17decf5e24f4d796c65

SHA256
f8668fabd3711e563365ca21d41fddc984022c1c79861a948607385f1469283c

SHA512
2ee100769a20ed9c73e3790fabd69bdf16514f4737f13114bd3162ca17d87843dff3f0a9b969c04735aa183aabd6f9eb9a2836fcb25128d6f2fc7c1b106a2274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
98a16d70ec2d48064c7433af58fd6a6a

SHA1
a96cb4767738f7c1ca68811fd05c648805d5cf42

SHA256
c02af692333afefaecf7a4a0ade8d8fac5c3af860c23ad8e115fc9505c857ea2

SHA512
0766ee45fe660034ceaeb94dccc8a9ebcfe478359f86fc6cb28c3637c680382c1f044e6f5ce7971d3eeda2c59d0f9ebd883372b1a50a287c0551ef179827e4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3W1APFWJ\WindowsStudio64[1].json

Filesize
119B

MD5
ff5955127bbd9bd6590034f227d3d690

SHA1
0a621a80ff868c5911f0e821c320abf1cb339c9b

SHA256
3dd3dea0264ff8ffb29c778508c7fb432dcb7fb3bfc5fdd5f36f26a53b921a14

SHA512
351c5351d3ef189bffe31bf574332ee2921a90c2818dadf242f476bb642a2a8094f1f3b4e6f0e9058e01a4509c5c04eb53df984dcc19139dff08994f834981ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A2AULULF\BatchIncrement[1].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A2AULULF\version-cb457944642b4d94-rbxPkgManifest[1].txt

Filesize
2KB

MD5
11b1b76e664878f4488c0847be7f0269

SHA1
b08d2c9b2dce71f9f873ef5940083123ff7eacff

SHA256
761e1f1583704e69bb9221776845a9cb5b6155e65fc6c734bf5cec1ec5d2568e

SHA512
f300bdd56398d0baf26868b00b96f6083f6323b739907c8747593457f90de8ad63a8c568faadc87c4e0212504ab0d1c15d7b4208f265197bc0a4ba87e6c94df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KFR0RUGG\PCStudioBootstrapper[1].json

Filesize
3KB

MD5
23ab36ab33805ce1927a9d8a6c60ad91

SHA1
6abaea5341d4a593fd77d9cec9cc7f718e078cdb

SHA256
846289a8cc33556e8bbe968a0f4e9e776fe2d488bf9e630ac56dfd9ff21eb4ca

SHA512
a3c35af87b688d330eaacdd2cc34bb5d22b3345f2a48fbe70e978729ec35ae5a02d4dde6c486ab320f5ee9bbf6810b2ed8c2a6fa55617a09635c0e991ca91e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2G1VYU4A.cookie

Filesize
69B

MD5
6b4dafab1406d5f0901a07414ff914f9

SHA1
07517a1cc95147160b0d4c5449d06735386fdf8b

SHA256
ecaf3a0f1c6d0500603556e135bdd3267f3a2f94ca018e96db7e2e55187f500a

SHA512
0e1d1409737ee08d42c04fe97712b604fe777d0357b719eb6aadf5b7135115eb7a2c5334175911309e0520b5a72726d9368429d41a97566dc7ca7c701fb88c11

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-CC987AE8\RobloxStudioLauncherBeta.exe

Filesize
4.6MB

MD5
f485f0b60d93b0e5aa330765728fe8d1

SHA1
9254daf60ba5ce32af57ba27217d628b5a445383

SHA256
ad7e4eecff78f1253ea0d29150caacb7e6d3a743b43881db32619ede3054c9bf

SHA512
1595a81ada9bdebf7eae5a37cc008ff570427cade4ace2fa8ea6e440846fe9420c8e6922eb8e70ba940bf17ba7b2e7540f36efd60e6f1a53b3834bb9f02f1e7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-CC987AE8\RobloxStudioLauncherBeta.exe

Filesize
4.6MB

MD5
f485f0b60d93b0e5aa330765728fe8d1

SHA1
9254daf60ba5ce32af57ba27217d628b5a445383

SHA256
ad7e4eecff78f1253ea0d29150caacb7e6d3a743b43881db32619ede3054c9bf

SHA512
1595a81ada9bdebf7eae5a37cc008ff570427cade4ace2fa8ea6e440846fe9420c8e6922eb8e70ba940bf17ba7b2e7540f36efd60e6f1a53b3834bb9f02f1e7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-CC987AE8\RobloxStudioLauncherBeta.exe

Filesize
4.6MB

MD5
f485f0b60d93b0e5aa330765728fe8d1

SHA1
9254daf60ba5ce32af57ba27217d628b5a445383

SHA256
ad7e4eecff78f1253ea0d29150caacb7e6d3a743b43881db32619ede3054c9bf

SHA512
1595a81ada9bdebf7eae5a37cc008ff570427cade4ace2fa8ea6e440846fe9420c8e6922eb8e70ba940bf17ba7b2e7540f36efd60e6f1a53b3834bb9f02f1e7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
83ae405392dc948b2639e00b25c8f6c7

SHA1
79abd00bef740a232f05cb280eefa48849b5748a

SHA256
874a68ade8f98e1251ca095edbc35d827a9a36de02a6ba6583db89c6919adc60

SHA512
59876e3d973482cfd5675430657432148b5758e042d0230549546175fe31a46bda328d74bd4b2512a67fe7f46fde30f6b17171b8539505b18f7e48f177641203

Download Submit