7801bba52470698f00cefa50e4a1697ce6e8c5f248ba75946349bb031779d74a

Analysis

max time kernel
143s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

659207bf817436dcdd520b561895c017_JaffaCakes118.exe
Size

956KB
MD5

659207bf817436dcdd520b561895c017
SHA1

b8325100e8a0eb0c8d805c6564bcbc3994566aef
SHA256

7801bba52470698f00cefa50e4a1697ce6e8c5f248ba75946349bb031779d74a
SHA512

085aca4f77f40d9060e23f71c6851f90388215dc85cbe46ce68f1da9672763874efa7746c42a848d345f5c8cb61e2c597c2907413d3646603e724a75d77b0455
SSDEEP

12288:JKT1g/Pbyrr7hTaawgTdtyRV0LesJoUKaXLpD2TvWTmwXnF5Kl8:JKTGXw7NxpOtUtXNyaT3XbKl8

Score

8^/10

evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RBX-4606747C.tmpRobloxStudioLauncherBeta.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation	RBX-4606747C.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation	RobloxStudioLauncherBeta.exe

Executes dropped EXE 4 IoCs

Processes:

RBX-4606747C.tmpRBX-4606747C.tmpRobloxStudioLauncherBeta.exeRobloxStudioLauncherBeta.exe

pid process

2760 RBX-4606747C.tmp
2084 RBX-4606747C.tmp
3012 RobloxStudioLauncherBeta.exe
2376 RobloxStudioLauncherBeta.exe

pid	process
2760	RBX-4606747C.tmp
2084	RBX-4606747C.tmp
3012	RobloxStudioLauncherBeta.exe
2376	RobloxStudioLauncherBeta.exe

Loads dropped DLL 12 IoCs

Processes:

659207bf817436dcdd520b561895c017_JaffaCakes118.exeRBX-4606747C.tmpRobloxStudioLauncherBeta.exe

pid	process
2664	659207bf817436dcdd520b561895c017_JaffaCakes118.exe
2760	RBX-4606747C.tmp
2760	RBX-4606747C.tmp
2760	RBX-4606747C.tmp
2760	RBX-4606747C.tmp
2760	RBX-4606747C.tmp
2760	RBX-4606747C.tmp
3012	RobloxStudioLauncherBeta.exe
3012	RobloxStudioLauncherBeta.exe
3012	RobloxStudioLauncherBeta.exe
3012	RobloxStudioLauncherBeta.exe
3012	RobloxStudioLauncherBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RBX-4606747C.tmpRobloxStudioLauncherBeta.exe659207bf817436dcdd520b561895c017_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RBX-4606747C.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioLauncherBeta.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	659207bf817436dcdd520b561895c017_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxStudioLauncherBeta.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\heads\headO.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\unification\testScripts\R6TestScript2.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\GrenzeGotisch-Regular.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\families\Inconsolata.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\heads\headB.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\api-ms-win-core-processthreads-l1-1-1.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\api-ms-win-core-string-l1-1-0.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\DenkOne-Regular.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\Merriweather-Italic.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\NotoSansKhmerUI-Regular.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\families\BuilderSans.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\sky\noise.dds	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\RobloxStudio_license.html	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\sounds\impact_water.mp3	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\heads\head.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\sky\cloudDetail3D-bc4.dds	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\sounds\action_footsteps_plastic.mp3	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\compositing\CompositShirtTemplate.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\heads\headJ.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\scripts\humanoidR15AnimateLiveUpdates.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\api-ms-win-core-console-l1-1-0.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\Nunito-Regular.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\families\SpecialElite.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\compositing\CompositTShirt.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\configs\OtaPatchConfigs\DiscoveryOtaPatchConfig.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\GothamSSm-Medium.otf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\NotoSansBengaliUI-Regular.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\configs\DateTimeLocaleConfigs\fr-fr.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\meshes\leftarm.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\scripts\humanoidHealthRegenScript.rbxmx	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\configs\ReflectionLoggerConfig\EphemeralCounterWhitelist.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\families\Nunito.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\sounds\volume_slider.ogg	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\heads\headI.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\unification\testScripts\CodeBlockTestScriptOneLine.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\api-ms-win-core-datetime-l1-1-0.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\api-ms-win-core-sysinfo-l1-1-0.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\api-ms-win-crt-filesystem-l1-1-0.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\configs\DateTimeLocaleConfigs\it-it.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\configs\DateTimeLocaleConfigs\zh-hans.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\Kalam-Regular.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\scripts\humanoidRunFamilyWithDiagonals.rbxm	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\compositing\R15CompositTorsoBase.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\heads\headP.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\unification\AdapterReferenceVisible.rbxm	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\RobloxEmoji.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\families\AmaticSC.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\sky\moon.jpg	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\compositing\CompositExtraSlot1.mesh	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\unification\R15.rbxm	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\configs\DateTimeLocaleConfigs\es-es.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\unification\humanoidAnimateR6WithFace.rbxm	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\libfbxsdk.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\NotoNaskhArabicUI-Regular.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\SourceSansPro-Semibold.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\unification\CollisionHead.rbxm	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\unification\testScripts\R6TestScript1.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\arial.ttf	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\families\Guru.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\QtitanDocking.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\avatar\unification\UnificationScaleOld.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\api-ms-win-core-namedpipe-l1-1-0.dll	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\configs\DateTimeLocaleConfigs\en-gb.json	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-c5a2369e0d774f91\content\fonts\families\DenkOne.json	RobloxStudioLauncherBeta.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxStudioLauncherBeta.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioLauncherBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioLauncherBeta.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

Processes:

RBX-4606747C.tmpRobloxStudioLauncherBeta.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RBX-4606747C.tmp
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	RBX-4606747C.tmp
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	RBX-4606747C.tmp
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RBX-4606747C.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxStudioBeta.exe = "11001"	RBX-4606747C.tmp
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxStudioLauncherBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxStudioBeta.exe = "11001"	RobloxStudioLauncherBeta.exe

Modifies system certificate store 2 TTPs 16 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

RBX-4606747C.tmp659207bf817436dcdd520b561895c017_JaffaCakes118.exeRobloxStudioLauncherBeta.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	RBX-4606747C.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	659207bf817436dcdd520b561895c017_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	659207bf817436dcdd520b561895c017_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	RBX-4606747C.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	RBX-4606747C.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	RBX-4606747C.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	RBX-4606747C.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	RBX-4606747C.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	RobloxStudioLauncherBeta.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	RBX-4606747C.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	RBX-4606747C.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	RobloxStudioLauncherBeta.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	659207bf817436dcdd520b561895c017_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RBX-4606747C.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	RBX-4606747C.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	RBX-4606747C.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

RobloxStudioLauncherBeta.exe

pid process

3012 RobloxStudioLauncherBeta.exe
3012 RobloxStudioLauncherBeta.exe

pid	process
3012	RobloxStudioLauncherBeta.exe
3012	RobloxStudioLauncherBeta.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

659207bf817436dcdd520b561895c017_JaffaCakes118.exeRBX-4606747C.tmpRobloxStudioLauncherBeta.exe

description	pid	process	target process
PID 2664 wrote to memory of 2760	2664	659207bf817436dcdd520b561895c017_JaffaCakes118.exe	RBX-4606747C.tmp
PID 2664 wrote to memory of 2760	2664	659207bf817436dcdd520b561895c017_JaffaCakes118.exe	RBX-4606747C.tmp
PID 2664 wrote to memory of 2760	2664	659207bf817436dcdd520b561895c017_JaffaCakes118.exe	RBX-4606747C.tmp
PID 2664 wrote to memory of 2760	2664	659207bf817436dcdd520b561895c017_JaffaCakes118.exe	RBX-4606747C.tmp
PID 2760 wrote to memory of 2084	2760	RBX-4606747C.tmp	RBX-4606747C.tmp
PID 2760 wrote to memory of 2084	2760	RBX-4606747C.tmp	RBX-4606747C.tmp
PID 2760 wrote to memory of 2084	2760	RBX-4606747C.tmp	RBX-4606747C.tmp
PID 2760 wrote to memory of 2084	2760	RBX-4606747C.tmp	RBX-4606747C.tmp
PID 2760 wrote to memory of 3012	2760	RBX-4606747C.tmp	RobloxStudioLauncherBeta.exe
PID 2760 wrote to memory of 3012	2760	RBX-4606747C.tmp	RobloxStudioLauncherBeta.exe
PID 2760 wrote to memory of 3012	2760	RBX-4606747C.tmp	RobloxStudioLauncherBeta.exe
PID 2760 wrote to memory of 3012	2760	RBX-4606747C.tmp	RobloxStudioLauncherBeta.exe
PID 2760 wrote to memory of 3012	2760	RBX-4606747C.tmp	RobloxStudioLauncherBeta.exe
PID 2760 wrote to memory of 3012	2760	RBX-4606747C.tmp	RobloxStudioLauncherBeta.exe
PID 2760 wrote to memory of 3012	2760	RBX-4606747C.tmp	RobloxStudioLauncherBeta.exe
PID 3012 wrote to memory of 2376	3012	RobloxStudioLauncherBeta.exe	RobloxStudioLauncherBeta.exe
PID 3012 wrote to memory of 2376	3012	RobloxStudioLauncherBeta.exe	RobloxStudioLauncherBeta.exe
PID 3012 wrote to memory of 2376	3012	RobloxStudioLauncherBeta.exe	RobloxStudioLauncherBeta.exe
PID 3012 wrote to memory of 2376	3012	RobloxStudioLauncherBeta.exe	RobloxStudioLauncherBeta.exe
PID 3012 wrote to memory of 2376	3012	RobloxStudioLauncherBeta.exe	RobloxStudioLauncherBeta.exe
PID 3012 wrote to memory of 2376	3012	RobloxStudioLauncherBeta.exe	RobloxStudioLauncherBeta.exe
PID 3012 wrote to memory of 2376	3012	RobloxStudioLauncherBeta.exe	RobloxStudioLauncherBeta.exe

C:\Users\Admin\AppData\Local\Temp\659207bf817436dcdd520b561895c017_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\659207bf817436dcdd520b561895c017_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\Temp\RBX-4606747C.tmp
"C:\Users\Admin\AppData\Local\Temp\RBX-4606747C.tmp"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\RBX-4606747C.tmp
C:\Users\Admin\AppData\Local\Temp\RBX-4606747C.tmp --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=fde48f439a9af7a7f1b323bea0e4a5d1febc3390 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=0 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5b8,0x5bc,0x5c0,0x594,0x5c8,0xa5a1f0,0xa5a200,0xa5a210
3⤵
- Executes dropped EXE
PID:2084

C:\Users\Admin\AppData\Local\Temp\RBX-6034D15C\RobloxStudioLauncherBeta.exe
"C:\Users\Admin\AppData\Local\Temp\RBX-6034D15C\RobloxStudioLauncherBeta.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3012

C:\Users\Admin\AppData\Local\Temp\RBX-6034D15C\RobloxStudioLauncherBeta.exe
C:\Users\Admin\AppData\Local\Temp\RBX-6034D15C\RobloxStudioLauncherBeta.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=d2f995026f4963b40bd37e1eada84a7698834d8f --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=0 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5b0,0x5b4,0x5b8,0x474,0x5c0,0x1814c84,0x1814c94,0x1814ca4
4⤵
- Executes dropped EXE
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
2KB

MD5
1cdbd089dfcb9336cceb0e56e816580a

SHA1
4ed213ef423e682c031419b16d24dc4bafb95b2c

SHA256
939fce76714a5874729618de5fc0a9e2b2c6c7da35f7d0128a6be705c603939a

SHA512
71bba557a607e9916d60d3bd27c9a10f7613ca8242ba2d11e224228719a02915f83f2c4484d5e408a8e4110590a1cc335fb17c7915e4c48522a4ec9fa99e100c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
1KB

MD5
d5c2865a15b36c4ec07454e0a5c49f3f

SHA1
067cf71276571a338ed60c74037b2aaf15e8d647

SHA256
6069dcbfa2a34c0a887a035a9bfff1771c7583a031375b0c6f3f4269322c2821

SHA512
9e6851e2f536fec7de68a6d23e475ba4b9e221d6b0da70c5607c2832cdb6e65b4fb8646bcb75a5bbdb4ab3aef6a527bed1bb8913079f1686c1f47ad1e43f9957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
d8e0e108bd3225ee4823e2501a9c59b8

SHA1
90ee76ccb7a8c1cee70959c25f1cfffcb399aaeb

SHA256
482fed17ea597c86abe64224786bd51836c64071c1047ca970c09ae96185c1cf

SHA512
d7bd3501cf8a9a5d1f8cc34c5bd88af6228f40c97bb48f58cdfdded4775769d215c8029fb9fad8cfb27628e2550092c1bd82574f1218540c4288da141d581d48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
8f25fd27c91bf81a14823685b5a7b317

SHA1
c7f7cf2229c0807f600c935f471ab46a098218a5

SHA256
5c4a768009a95db49d5b6b1e4747f37be0bc8168e7bf683272594f9537e3484c

SHA512
c6c0c0b81e761d651eb535632fe2ebe439dc3ae36bf0d98c7bb2ac47b76292116d2b505c2d2021d79f81118c7c4caff2463101485be2a662966626e2412bc500

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
3a483c7557b69126a5920ae944d0e64d

SHA1
55e8c86eb877b47b9142f01fb00124e042630957

SHA256
9ec32bf3e0954d9e2142a0c2c91803def5aa4e4a1d342e53fb64be38f88c6ac5

SHA512
62baabe294f53e7ca8749d05e152d0aeed181e712ee8a7ec8d5db7f185cfd381b7f5bd84542d9b485f844f5f744db9830b1d0241259ad9a924faca8a27be8214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
8ff862b339faa8aa5009eb260331625d

SHA1
ec2062a1b2f41a6a1c64c05cf789c5cb6e7c9df5

SHA256
01555e41a55a3af58dbf44d1e3d0f158c12306f26ecf35defce0b7fa718ae18e

SHA512
058ed31678c6136160699f842f188ee8f94e3ae730a748b75082eb72ae8bf05c0b0e62e7dc102d5529313627a454a591a43ea4bc547758a7d6b3d802d10b1f60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
488B

MD5
68dc865e65032e4c955719e9155b3864

SHA1
6c0930578e1fe965e7246e62cc2a0619c6ac93f2

SHA256
924fca1b04eb78890a020e00623b7f75a6bf31cdd390b7cf845ed64a8ec617b5

SHA512
65757d8ad79ff09d38a96c7d083d70cd08229d65f47c07be6365b03e60a191cb44e68de5e9a450be92d874c83bd9c789bdb9679ec0259af6355aa4d01e87bafe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
434B

MD5
5ed0ebe4a01c90db1b6d57e58d266096

SHA1
ac6769a57407d2e5930f6cfe7aa8f3db9a42fe48

SHA256
f8c67a565d66e1957486ba18d5a0119f2ffba192fcf96e9a7514e9bd2d0f1634

SHA512
4cdb86247085fa731ecbeb7c761f758d659a992e3baf115598e16fb10ffc75f4c589855cefd1f1db07f31a1c8a96195bc6a7fae36081047764b9bf9e3d135023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bfaa517ef38b9c4069a291acfd9a45b

SHA1
1ac3004bf4d2e246ade1815b2485a8906ed79b55

SHA256
ea60bda2932248c080e07b628bdfe2467c4e30143fbe5206c58350c82b639c87

SHA512
7ca61ed1f7c5aa0d7792393dae72bfaeff05c71933ae6634653a255b9c37fc53ae6c0ff1096341088d7b8492c33023edab239899ba173c4aa0799b37ad805e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24baf556e73851affc1e2ca278806a44

SHA1
b996938d218d3f6f5606ec8913442d66a2bd56cc

SHA256
4c25052460464513e6d9675a6a75b98e931c462ee21e65ebfcd0c49c90670f8a

SHA512
3cda60c0350cf2bfa5eb88d656ec3928482e668d108d41d84a75536590f88f5bb3aa2c010e01333ec5e52138bcde425680d38740bda84e805988f1ade32e5c45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02a30a106f72290ac224834fb169c0e9

SHA1
b4ccf0e4127dfd51fee0f5389b88762fadb22af3

SHA256
ccc6092d0a20f18257fae07d39bcf6c1ab5935df0924a4f6a3592424ea5ce55d

SHA512
0f0685b1c51872fe7f411857ed2215a993dd24d17be92bf622d8209cf811ac191e5e6b3b8a89e8f4ae4cd5e4dc67315b7b9e20b5814e3506567ad854a4029799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e2467de5de8298f08581432258e2b97

SHA1
d105a804a48f9503118b5b6bd94a54ab6b0d0863

SHA256
f385cf6b8d2c9d614dd2eff4190c056fd860ae8b5c73da804223122a38bbe71d

SHA512
f857d1f58624ed4fb98c0cf9b915254c0ef3112944fb40a9783083c0933bef96dbedf506f6741d8779e9e428ae57ee2b8c6f1102e0e4652be22735df9a896353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
43cac4c05a125db3afc415e84d1eb4a7

SHA1
700ebf7fa65e6ec4192313db64318bef97280e94

SHA256
5347c76950d48332b9cba9fd7011dc18e36d69735e36d94bd9d1199d7612bc86

SHA512
dc2025651473ceb5b5b302b7740c467966e2a98b6f9ddc5c6f7b3c859fd9618b6cf22761dfa4fd38957c575298bf46d1d3a3606ff38e1a49a87c5ee19a09b932

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
68b1cc18414c40415798102de61a9937

SHA1
9a62b7006e672a294b06ff1eca05421d63e1b101

SHA256
210986f53ff0b8f289945b231568b4670a06854bd8b94f206199db05ceb0080f

SHA512
fbefe0dce1a8360d97622cee3bd74e777008f6689ffbecb873f612a0fa7feac2f27dd78a8d81497ad1405b9d0f8c0820a17190f92ae3749fdc0a3a82c50d3fe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
057d7b2bc6c5a28c8f2a1039176dc550

SHA1
b5a6691c5b96eae8e3b3e7a97ebcb81b9681abb5

SHA256
c6e89150e016dd69ed39b856e896225b1b760e0245fb6f6585a1ebceb7bee155

SHA512
ef35a77b0468c482d371d7aa24be0a3830888d3a6045b55007ea3501739fd7e5031c87f217515c43572a38afff53c69cf11d8e30b87720f8b1e4e342166f6bbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
68a1b84e99e75df7f7598ed4cf8ab7d6

SHA1
c2c40ca78ded2ac9965eca13d994118bd6d0c5e3

SHA256
9b282874d6d9f6d1e27cd6a23e21e0da498b84e00e15b982cf47d0efd2e22c17

SHA512
769aef1661f321db26bd745e7fd657592d8312dbfa68ceb90206b678e217c2e89b28abbdad399ead98d73d795e93104170911038c81e85c120a5d88a78e4c398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cc4cc1b97fe911c61d669832ee43e616

SHA1
91c9030d317b29043fc04d6de2a644df1e7a318d

SHA256
dde699c1b194ad75b94ae72c3dbeb9a10a0d9882b7cee6594c04121b9a7fda17

SHA512
041cabeec5a514b9d88e9f46e3e716ec4760bff0aa9d8ecd9e229fd8c284ba95cc360acb2fa90b8fd395dbaa80d1c2555d8b5d0676eae7e657a676343e1dea70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\BatchIncrement[1].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\version-c5a2369e0d774f91-rbxBootstrapperPkgManifest[1].txt

Filesize
86B

MD5
14c12bfaccc790563910539df8bc1814

SHA1
7d8a4e91f58c07bbe8e2f106ac7070c4f68e0608

SHA256
9ec710fa18b6762bb466a2f4392958bf551b40a413ef1fa40acd51e1a35727b0

SHA512
34015840baf053a1c532a3ab4074336d357136fe18a313c0838038a7c137e30090bb0d3bea1a3cba28745ae7f77b90b53d584c7a6a258e740d9fc3c932706bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\version-c5a2369e0d774f91-rbxPkgManifest[1].txt

Filesize
2KB

MD5
94ed4e234faea753c14ecdeda479263c

SHA1
134a22bfdfc129c1a14f870f2f68f0f4e85add99

SHA256
09b5270c11886f549c26085803705642cb5d45083e8877e2578cc3d731edea12

SHA512
89eea0569ec64853cf5a43cfbb351fe7887cb772eb41889d84e3b7231c1c2df5a335c73d94cdc903f675c71c2b364f821f8f6659fe154d95c176017300db7a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\PCStudioBootstrapper[1].json

Filesize
6KB

MD5
2d09044ec45d59b37273f637cf902da6

SHA1
9f9c93f5eaa9143dcb5a11053cf6695847c8c52f

SHA256
a03e1f0e02e53d9ebc0060c815421704921eba6f73d2892e02f953d41db34f28

SHA512
c98aebec3545bd5fef5bbdbe49f20a3f1126a4c29522396d451a7ba48198a9964791fd824ed0a1e0284513401f20d7bf742343e0dc7b8cb4bea8f60abf189ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\version-c5a2369e0d774f91-rbxInstallerPkgManifest[1].txt

Filesize
83B

MD5
09c7f9ee270382551bb3c39bb16649c2

SHA1
c3db94c9f0dd8cc40b2eda8ed0a9525d7060cf13

SHA256
cb33a0411d5ace09869d807b66d7c2050d3e67e748961eb1c37eaf14c65692a4

SHA512
1652b4e0ecaef9fa7116d70cd8c1ea36945ee43cf9fade1e34dde66e73dac2b47a39126812f492e8fd149f41b7e7cd8d016db6112b45b0b0c91205ca8c0c3106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\WindowsStudio64[1].json

Filesize
119B

MD5
d29dcf047d505fe5c84f07da21798440

SHA1
f6621ea0b2b01c14f46d6be181e5836c54b59236

SHA256
369981d550f87b939c5021b7081502b18f0bb314511676f693ffb57563fbbd87

SHA512
8edd53dbb5e3852b2494043722cb2d26dfa058566a1327ac57b6572811b4f35cb7663062e5f6f26f2e030ab35cac9fb9c803a10d8525fd3228ae1b3a53368559

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar351B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
6ff0a2b99fba0ca77ff546470fe3236e

SHA1
e7ee1bf45e426da78b19d14aafd88fffcaaf077e

SHA256
a58a3a08222f6b42559f903ff00ebd9c09989b321dffa03d0da9d68ddc178fc5

SHA512
41791bf30cde533441a2c2da470c0be12276c03202ff7b7db9cb1fbdef6b79ffd25ded39d590bdb74d1e1515433df93e6d24c9b2d16511c7a7ca692e5a678fa8

Download Submit
\Users\Admin\AppData\Local\Temp\RBX-4606747C.tmp

Filesize
4.6MB

MD5
fa23f3a48c2e4ab7502588d590ee04e8

SHA1
486b0015d4f75af3f09f9c676b5f62a97a22bd62

SHA256
b21083b9c2ca0572bba7368ad178935d0e7e6ea017deb90e94936bf58152f4ef

SHA512
68d1e99931823f45aa7491a509cb4d08abe49664b349d612aee12089e9f5660c4fc15ec398065910a8443264a9855056caa8c70d8efe8d63d8aadf457a46cf9f

Download Submit
\Users\Admin\AppData\Local\Temp\RBX-6034D15C\RobloxStudioLauncherBeta.exe

Filesize
5.7MB

MD5
ed425a6350f3aa88c827a1b18900e896

SHA1
56c83310e81eac4cae5b55c378139e19a999dff3

SHA256
8aa742851be5f895d82316375efec41a7155328b35b7af6bb6bf307000f88938

SHA512
6b74dca519c71fbcb5b59806765f04498524d2964c8ef961813b6ff4ea828c198ab89d8ce6585097b9a6fff0b099399b2a579554b3ac0781d51f17cb0c51ab3d

Download Submit