hxxps://www[.]roblox[.]com/home

Resubmissions

24-02-2024 23:59

240224-318vrahf81 8

24-02-2024 23:44

240224-3rkrkagg97 8

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/home

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4632	RobloxPlayerInstaller.exe
2080	RobloxPlayerInstaller.exe
2212	RobloxPlayerInstaller.exe
4264	RobloxPlayerInstaller.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe	RobloxPlayerInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3844919115-497234255-166257750-1000\{EC9A5746-56A2-44F8-BD72-1814EE9A649C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 176816.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
3572	msedge.exe
3572	msedge.exe
1752	identity_helper.exe
1752	identity_helper.exe
2596	msedge.exe
4884	msedge.exe
4884	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
1460	msedge.exe
1460	msedge.exe
2080	RobloxPlayerInstaller.exe
2080	RobloxPlayerInstaller.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 1940	3572	msedge.exe	86
PID 3572 wrote to memory of 1940	3572	msedge.exe	86
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4220	3572	msedge.exe	89
PID 3572 wrote to memory of 4604	3572	msedge.exe	88
PID 3572 wrote to memory of 4604	3572	msedge.exe	88
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90
PID 3572 wrote to memory of 2348	3572	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/home
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb4da46f8,0x7ffcb4da4708,0x7ffcb4da4718
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,18178028959185819287,16099427442647860666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  PID:4264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
1.5MB

MD5
08edb07b4f13c86b979553c4fffc8064

SHA1
ee04f74c6674000fd0eee5a7b8435b83ae0aa388

SHA256
ab405633a0703191a2f449071e4df531a0bef4ea9411834ebc263b26d2ba66a9

SHA512
8f3546cf85051f4b7e210c7df8cba1b4587e9955a08c279ec4f6d8e72947ff397fd91bf90c5ad3ae2cffb88b198aa21ff3ab1edb7c6b4e50c1dd886acf94262c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
97KB

MD5
d347e96ce4517124b58ded44d539c691

SHA1
cdf955ccc2a9edbde36fd89c385d86189e44a1eb

SHA256
fa785a5e3361dd9bdb4b0b2154d071e690d668364931b24f706ce639f517a11c

SHA512
cfcaf432f2440f8fd43d68ca2f1f0265c44c0356d90555e0266b38239afd89ba625eda927a34a9431bc1319440d1d2ebbeb0b027b46bb127fbf803672d50ce5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3effbbe89e535398d771eb3198e8d18d

SHA1
343452566484d1d9517c1dc9d9e2cb704d95a498

SHA256
3dba9dd56f71ee3f41b353f53b23c28bfdbcd2962f44dd687ee6d33c9a122348

SHA512
6b02001caf651bef8e0c0f73c589aad15e2dc9b7abc7eef40a725b268432cdbf57ccbd5bccd43f932f7e36fc384eba3bafee87b3e8e3c1347af8e4b545c2ee67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2bfef4376c340595c50aaa4fbf4f2f1c

SHA1
ba090e823f4aaf684a719e5fae6aeaf858dcb0bf

SHA256
1eaddd90d783b0f592fae2579d40453f8f64830e522271df9ff7ab3effbf85d3

SHA512
2dcc9bfbc60b1ff674ee1d3f75eadb4c8ccef370bc1595d48dd9f30b429e085991b946810b48356ebcad00ddfefa0da9f06e6bc3684b2b9d2a66a25b02fa4a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
846B

MD5
bd59fb02d3c6f9228760fc3a1331fea7

SHA1
854f42d874d2321d5999f12a2dd3d03d4f1021e6

SHA256
569a66b856221b2649664990041a23074dcdb7c7c58c62ba9bd4063952a388a1

SHA512
56e71b9b1a5a046d4448f9003f8e1631e475644da479ac64291460ab49a9707a395ce65676f13f089ccac7dd9131ac1bf1fc8f37513b589565ba16935331e168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6797a81881aad29d79e8dc856b645b56

SHA1
092e38c950200d6b89e5f3b8e19feab62f85d7a6

SHA256
46b6afb629ab05a65f2e01137ed1eb89066e2d04de3c29775334fa2222d57828

SHA512
00178898f57711b805ad305cde0ae8870e1c879416abefb867cdfc7d61f31646af0c49759ce9a39276302077e2e87a8493337b8a5250f68545a778235d48c97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
427d68705b334f6a1d7a48dc964b0d26

SHA1
4e4e1bca07f7c4c7a023789087270e84b2540972

SHA256
991c7cdb03bbdb03f98238da5c7e35ed57964ba7aae39a82abe2b5403d1615c2

SHA512
9a2feca82f8a0766688b9df505026068005104c995464eb19f5eaf696d3feb37343a76f7050ecf4971523e0d7a92aa975976605e10d85c989ff850d36ffbb768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f985ebd80b45a53f0efa67b75294d5b3

SHA1
fde3e4030052b53d306c6f34edcea5bceceedd12

SHA256
5b90bbfd55018bc8c724b45c445ce589570d46636d9644be0981e91667ef9cd9

SHA512
01a1c67326c96afc8532c94109a137a8e7ac970dfdd54549702612d4a69b9c076fea0a648c389ce4ac103cc29de4a21613510becef7cc7265275059590b380e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ba4fbd42da199381538311cd75a8cf5

SHA1
5e700aa462153f4e88c0bcfa977ca45aec9d49a8

SHA256
f58fccae792a72988c2f310ecca5e8c2521a383dba8495ee47c4e4f4fea4050f

SHA512
a0be5f69d1dd9fc189146093dd982d213d016ec532dd51a816b348d36228051d4a996278141e9b062b49d5a91c5f928dfea8a98c51e93d6b45c04ca55facb53c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50d348eee65b0dbc156f06ff8ab05667

SHA1
f8de593199611569e95d7b405f8aaa17db9640f4

SHA256
e0686bf3c6c7f6354536c5b04b27baeb00a29a78f125ad457cb1b2b6636bc29e

SHA512
c76111b579d83f665ab3cceca1ac6cc8f5f24e014de12d6b4e43ca2565e1134a539e8dbd69ed7d32a4df9b56bc37dc97e02e287f78c9d83fd8c0e75bd8e88dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e4bd9d0c2024ef46372c9fef4997c236

SHA1
7c09e0e9b61b0a9894f0ad10e80bc0e8a942df6e

SHA256
e53b559e8043fb8ace78713f507fda24f61099d4f766827c5902cad65dc451c8

SHA512
d5ffbf40c99329176a667282d2aba7fffb997c694a6e1c8ad2f9928d17d1b7c8e27d325b90a17dc376c58db393db1314f02856411648b092d5c9c1195000cbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
789c4688acadcc87e3df62d7e3f0db70

SHA1
6643f5942e32d6a16f2961723ea183dca2d10ce8

SHA256
62cc9499fb42b61e018c08e6d9af1630713260fd27539b08a5197f867bcdb7a1

SHA512
bc618c81b1e959482ea9604391d2af1d8051ae65990d91328e473a2200d5fede244b930597d23dbd0be55596fc8cf629d97c0480a8dcd85297cc869d5b6f57e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f95e9dff892cfd2267ef092549eb65d7

SHA1
6b20e63807bf614acb7a649ebdd607af496fe91d

SHA256
cef6774c55f015a72c8e93a271949d33f03c68f30ae9325525dbc3f204de6272

SHA512
9b708652b03dbc1dbafcbbc2a8e31dd87d97ba17429c583da89ba26a047399f218f6176d6fdf1a2f4f162d6394eb3c210fb052dc60939648abbe5c56a51ebc58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
85fce8720b3ca00f8a9b8ff3f00d24b7

SHA1
88ea1c0c33950ddcaac41c79956202a30622fa41

SHA256
46f4f9d89284d4f82dfafb889461c9c4a065c96c15bea14077b794d5dd096b4c

SHA512
7c88a76efc52cfe6997b2bd2c134aec2788887f5702465fee8312071a56ba3ce9674047dee6c6358426af82fbf2851d16c3de8500ed13bc058213509fdd54310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fe05562a2ae0e49ee5c18975ecbee6c2

SHA1
66fa11ebaf63e031456937b919750195c79d0fba

SHA256
6fff5c312f1124001b135912555842671d776999c1d7af93f6bef289e9afb7e2

SHA512
deaf4e25307b7f7f7bdf6060564c4d2ec0d5df32bfba87c62e4baeaeb9086236d6ef71cf555860b46f5bfc7e7d532c30f70539b5be031f6af0fb6fe913423234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
348afc57e451720f7d39339e4958ce94

SHA1
bdc945b8eabf4ae645b11dfb901c1d3dfc9f9e1b

SHA256
81aeb723039c6468d8fe322796cf508f98d1758a705c4cccafb9f76cb1c93256

SHA512
28a7496b8ef6d718edccabdece4e62c50dc3fe2dc7cf3b3456eb61ff5f5b5e42b440dc8039512fc33d524f58affe2462baa254e900efa4b3143fa0b1ffd10670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4b76aa6e8aaba5cc50857e635c3e76b

SHA1
6e0fa65717f2c624ec2f003a3cabc5339d3ddaf0

SHA256
cc96a7a62c1a18f4de9370904c81d373d242964625b96ce4e97e355a052bcb39

SHA512
071132c24fd6b973f1f75c346fbcf209c6267fe10335d3ab6408a728a36c80e612ce2e862b848fd2ad38c74e7b0b776e5f769cad83bc27b4e802e21b251d7019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ba54eca727b688b52e8c43c98a71fb7

SHA1
0d59be3f042e39b5f8dcb24b717c7a5363233121

SHA256
d7dd715fa2fa916507bd9875052ae3a35dbfd27468d0828440eb3f849a54e0a4

SHA512
a4ecda367f6ae4fb61fc200ff9374d53201a5ea8d6ed840a39f512298789cad05c29795eb51eff39048a20acb7a86c57e42ad0b8c55ea97d8f8f12985965f50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d5b798d382b6ea7844ac5d52b5a43c0

SHA1
a6ea0f88b99e159ca988efff200e464c4a1c4508

SHA256
8094e8d3374d6d7aa50a7ea3cd1b4a07a4cd12914db62a149b50a11701d0e85f

SHA512
96c616dd6248bc8b057bdb33fbac7df286be1553a635fce968ffea7c3df24164027b4ce18539f3fda3f9d8ee7854e3e0c7445edf1f7a9ddde02e43e08ff2ea6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1310c00dd612be43cd46ffe14517c865

SHA1
806ccf638cdfc546cf506e387737ae4a10bbb935

SHA256
e6b2e0b12ff887fe3cb6e0fb08352e88a4a14315d4074856d1ca4a23ed303a4d

SHA512
0e24c0b2f25a1c494246e20a91e13218f0cb41cd31aef3d9df2e87c40d46fb55315b43fa4576b4b58701dd4e4672675f191e5ac687233f056021f289bd452d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79ac21569eacaa72805fedcbdf00c72c

SHA1
3c1d791ec72af6b2348117306e1b46da0f9a925c

SHA256
66f6ef75c053b5ded412b17a1380f16a153bd1483ea8e6ac04e0bf352b8d5485

SHA512
367e1c57ac35c59ade270bab8f9b7fdfcb375815a2b65d3ba33eaccafaf89682f84e743086f7e61b744508b4442d91e13415ad09ce023a5c555f098936999604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5814ac.TMP

Filesize
1KB

MD5
e5a82599611df93277408ed837fa64cd

SHA1
4aae994cf72723099c83486b5eb19004ebb3dca1

SHA256
a2150dca7e4a3715e2ac741718501a85ba67a09c693f5cbeaa604b082667f326

SHA512
07bbaf75c11d52b07c308e9a6ab7dd1994a7915a8125ce49e713b599e210c67b5c720d80d1cafe715b6a4081e100bb0ba208cfc5d8631824869003f8fe41e528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fbdaa170-7111-4c4f-8c3e-9631b5f0aeb7.tmp

Filesize
6KB

MD5
39412435fa07ca44bd53ec14d481af41

SHA1
4515d9222dd868c7639760c23625063e15ca7010

SHA256
4950010d54e32e1f1c4e690949859c9ece8fd902aa0d2a6b2aae90a076c4fccb

SHA512
d95b74a18ba8fb73a92ca4b5a0c927593febcbae788d8c17d75e6366327a236d03403194c485a6939289a1adf77eb9ff48b4e994c86e4a4d8538e29c71534d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e1ac47ab2f3e7ba26413e1d41a030110

SHA1
2615e6385412eacce5b787e1a2ab042d4f445ad9

SHA256
aec22221d9b7707736cf1af2cdf2058322f97468325746def17ab0c1d67589ea

SHA512
d8e7ae62c21a01d8b82c26aaa2f605e7d07202cc3a2dd129b23c4631a08d2b27359a6f3ba750af22f12328a543e118d5c12fa9b107aa4fd2de3df525a9c27cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0de12d5a8b7d19f2304f3dee7909c742

SHA1
abd3203e03a6f10e425c6c35a2b417aaeec9485c

SHA256
3373208119ccb0ecc87cfbfe2884816ed8e470a086f210a3621856c2abaa530b

SHA512
ed5ef9a5dd0581c1ddb765f267ea998c8edcb98b353e8d21e42e1025f40229aea171dd651ee6c855b0871d48cf0cda6edaeee6a87b6c69af8c3fc28bfa4910bc

Download Submit
C:\Users\Admin\AppData\Local\Roblox\logs\cacert.pem

Filesize
224KB

MD5
452e60869eb88ddf57579b4f0211ed7c

SHA1
3ce1d4b778efeff333aef30c7c47e66ceed5934f

SHA256
489b7ca945de8b0c980085a83be5d74bf33e60ea9857e70b22d78b078ec847a0

SHA512
41c3057715119030311bc02ec121e8afd01815c4ebd2d629bf2be9635571b850fb0fe8e8576de5276054e9b19e1014ee2c6cfa381930b045050a7315ada8cb96

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
3.5MB

MD5
a00b21ab8e424460e1dc0db44582eb13

SHA1
4878bfd59d2b377e3f83278b8fcee94c47b72478

SHA256
21c37d6deb4a0fc1403032a7dfe2eb84633f666a885d9b35589beb8f6c0429b4

SHA512
4cb499f3021530f59a88da4550613b97868965900bd7fc30e528fe51f876b383abcaf6e5f36c2a31300e7fae7cbc1d5efae810b6676517e72153f845ec8d4ddb

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
1.5MB

MD5
3ab37e613fa15317a59b47b6a11ab37a

SHA1
66faae5e5ba9ca538508cc6b1070472cc8edc780

SHA256
5b068cd8278af60a49eadcca138ac5ca1e770da0e93024190d1fe9c375c43716

SHA512
e56df9e0cb20bae7f3ed2cb9f923917c1c7f6fbe175f6d9c59a175bf0f9048f5bbef02ebdc3719e66590333cf93d1f7a58e43496ab693f26bbc37237ba3af82e

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
1.1MB

MD5
e920daa1be08158eab5292be9511fe4a

SHA1
bb38c241f8ff0c5a250e02a22af6d022b69f34d9

SHA256
a87b6af146bca83468e8d7fbb0942089e37964dd911dd83e5e7660e68827691d

SHA512
1c3bf78efa82bbb3b73d3c0aee2aa795e2ee28317da2fff24674613eee4c1b1999f2ab8a3dd15f957153c26008c98ba4c6c7c5fa5acad549e5a08fd9e904bcff

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
649KB

MD5
75b850d6e16754a6afa63422a20e1653

SHA1
1c440423aee2e0b02ce30ca2f98569cd34a4ba10

SHA256
bf75d3f5ce43179e0e749e87c4338fd9d5d8d562758ead099a6eeb88a74e48be

SHA512
b40b4e4ead72cb0ed4e6ec29608989dac1746122b93ff111879c6f903691a58fcc1687a7c6986bd4fb424cef0f3196e5e3ee799995a7261cda91ded9a78d697c

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
2.4MB

MD5
64d5e719b9b0982244c06e67292cbf09

SHA1
7806c6838bb0fdcb2a202f13b0b0005ce3e8241c

SHA256
e904d3d78ac69071a8c8b0fd2a06b5d6b40cf87319fd9c95c412cd5342fafc6b

SHA512
974cef7e1d954ecaccd236934ca0cc76c376f9bc20ae3450dac2f66583b4ccd371db12879e7a0d5311109e68a5779142b82661d562adf5fa8888e233b26bbb07

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 176816.crdownload

Filesize
1.5MB

MD5
8629ca4361548a691e545e3b88f6502e

SHA1
b2a2eefc9e76589ee63b15600a365fa2db6ff3da

SHA256
2a1f5d93a186311608826bb456116335b2c061748334e9a9bb079b0e8570b1ca

SHA512
4dbdbcb723be605e07683ce9e3b10d06441bfba01f91a6c7be2a26f246775ae22897d9584bceeea251b90006db7d3463d49b0ce5e2b21fada8e7ea1350f95128

Download Submit