Analysis

  • max time kernel
    267s
  • max time network
    304s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/04/2024, 14:43

General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    2.1MB

  • MD5

    a37cac76cc02bf62462a514281e29047

  • SHA1

    5b430683926059ef58df924fd87638abb2d82eab

  • SHA256

    af4f0da458195e016f0a5e395df89c36f005bf24ca1ddd68a35373ba8ff66734

  • SHA512

    c94ffc5ba4a4abddb437f46115f1eb83e3b6a51224860e337f4286edd0e8442676f3b999a28234c34f61f983cbbc2363fb953306dfe1ef98d710752e0e29ef51

  • SSDEEP

    49152:NYuRj40EoNbMp3zEKzIATbqa3q2WrT2/MyPMQ3dSIDTrb6SMg:ucjCoNbGzEKzRPbP

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 9 IoCs
  • Modifies system certificate store 2 TTPs 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
      C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5f4,0x5f8,0x5fc,0x5c8,0x604,0x698c44,0x698c54,0x698c64
      2⤵
      • Modifies system certificate store
      PID:2984
    • C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
      "C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1472
      • C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
        C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=60fbaa906b1f866e4f443e8242ad94e1319ed1ef --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5b8,0x5bc,0x5c0,0x594,0x5d0,0x15fdec8,0x15fded8,0x15fdee8
        3⤵
        • Executes dropped EXE
        PID:2892
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2896

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
