be9ddcdedf8c36c64e6b0a32d2686b74a112913c54217ccaa46675bfd1dc82f1

Analysis

max time kernel
147s
max time network
144s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Account Manager.exe
Size

5.4MB
MD5

334728f32a1144c893fdffc579a7709b
SHA1

97d2eb634d45841c1453749acb911ce1303196c0
SHA256

be9ddcdedf8c36c64e6b0a32d2686b74a112913c54217ccaa46675bfd1dc82f1
SHA512

5df9d63136098d23918eba652b44a87e979430b2ce3e78a3eb8faef3dd4bd9599d6c31980f9eaf2bd6a071e966421bc6cec950c28b3b917f90130e8a582c2a1f
SSDEEP

98304:42bT1Qm7d9G4/Ml61KO9bjRxMLywnrmYa0kqXf0FJ7WLhrBzcgPgL6b:/Qm59RMowO9bjRmmYiYa0kSIJ7zgPE

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Roblox Account Manager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Roblox Account Manager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429107258"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB52CEA1-53EA-11EF-B6C3-72D3501DAA0F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0fa1fcbf7e7da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000ba7d5f6c1f35d1ea737dbe6c7f16b2a1c371d8e3e3400072b83512431390ef03000000000e8000000002000020000000eb3f3d0303699aa7d02c2df22b374b6513ea6ae7a829a5571d95a038b5e0205f900000005dfe2a57c581e069f7006d0ab5cffb9733d23e7383bbcdcad3d2b650bef20552e44f53e2667a8f43ed08b1866a54419b229c476f1ba16b1159ac9ad9e3c0b9b51f25976ea7cae901336acf957c51f36b81280b5ccbb27d5b148f2328cd86b9a5831ce6e15265f9183caffd4f6afc76ee8dc9741f8aa316735c8566802a81a10999b7712b216a07caf70a284ea3189e9440000000c077a727c2b829562a2696cf5a2a9b8dcc7ac63c9088f739f9f186ab0dda8f05e60bf9c9fd8a601bafc491058d05d27b14b4b49e26056d9ada1a5c1e6b0d010c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000095749104fa86c7a4175b524540364d45910603afeab3164e64cbd0a38e49f702000000000e800000000200002000000084e93137ca0e6ff12c8d1d3e5cd1e2f447b80013171d75d7dc65065602b76034200000008e76477e8fc96479f8d1b9347d87e2dfc8212d4706465527e12bcbd772e00abc40000000551fbc14dde6ec276cf97f77d43619a306cb98c81738eb91eadef3804d22efc7cfe40072a0293026354e66e1914e8dc0f4ac39ed816350531a614350f7cb4f7f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2744	iexplore.exe
2744	iexplore.exe
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2000	3048	Roblox Account Manager.exe	31
PID 3048 wrote to memory of 2000	3048	Roblox Account Manager.exe	31
PID 3048 wrote to memory of 2000	3048	Roblox Account Manager.exe	31
PID 3048 wrote to memory of 2000	3048	Roblox Account Manager.exe	31
PID 2000 wrote to memory of 2744	2000	Roblox Account Manager.exe	32
PID 2000 wrote to memory of 2744	2000	Roblox Account Manager.exe	32
PID 2000 wrote to memory of 2744	2000	Roblox Account Manager.exe	32
PID 2000 wrote to memory of 2744	2000	Roblox Account Manager.exe	32
PID 2744 wrote to memory of 2736	2744	iexplore.exe	33
PID 2744 wrote to memory of 2736	2744	iexplore.exe	33
PID 2744 wrote to memory of 2736	2744	iexplore.exe	33
PID 2744 wrote to memory of 2736	2744	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
  "C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe" -restart
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=Roblox Account Manager.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4de352594de645727fcbf0739b448deb

SHA1
da2c97a4af7c282a9d62be237ed1ac3da831f0df

SHA256
afdb871074030b4b7ab1ae4f615014e4e53025eca0525c1e4a1098db029bdb47

SHA512
6a2178cc016eb7f417bcfeda16a849fdbd068651342fbde877a095038d6034644d5a4fdf2db2e4d75b7c2f6356e845085b444b3beecab82c2dbc761a55eaf551

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41737b7e423d77d3e219a605a235b402

SHA1
e3d2211a4a82236d5a56fecc82c3fa934c258f72

SHA256
a8f88e50baf2ffad5a3f9dcf0a60cfb8a7db494c7e92e15f9861e0f6079ff232

SHA512
1d6c9540ee97260a0f26a78597e67ae7abf9a0942acd95ee08dfb9237153d654f79aa786c189b77f2f2da8a7d5a829659f7a7c209ae1c87bd416f3627f205f89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b021dd6a505b995a6643eca61a522aa0

SHA1
9c4e053038b71c8109a9cd06ef378bbd681796f4

SHA256
7228f3210158791ce6697bdc2f5d78784cbe36efb6bbfe9dddacaea3b6154d2a

SHA512
89f0e7391071b7ecbcf393dc2734222a1a9a5b112fd3f8f82015964ae2e1e29ab2f1787b06b6d30265b0f9a6e75ce075bf75b1f178a2e75ce6a8372a289aeafc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36479b8817d24851050cd0e1e3efdf28

SHA1
e79713334125477c9634ff645603254a769531aa

SHA256
1bfa79bfa902d9eb35ca54c2f0ae39f69e7c1d8df6c21e42801c2d24c3824c77

SHA512
af6d58cc727aa2f85e2eef4a3eb181606ac754022ea704f3baa510b49758db9ba0992119771dc2e0d47888de638a8f14a13180fe1f8772971ebdea01e37e5916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
745c8090cd50297024dbed830c119fa7

SHA1
bd70b4b4fcfe259a3742420feec8914a273db071

SHA256
e840625617e03072a8132e8031fea2657d63eea9a1139d5b069ea765d0b51490

SHA512
ad9b7d9349291ca3864a1964413371a3f78483c9ed0862395401974a35e326697e3bad95a934fdbc237571cf3f53c32c2a907b7e73a0503ae563351135023f41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
197fd0eb0f5641b9d2bfd7810b95f7ea

SHA1
3f6333256e1fadab97302f6a4369cfdbb8ef30b8

SHA256
027a5f966cbdc0d982852bd62f4f410893eaed69199c7a752878034d5f5bb059

SHA512
c134ccc4503aec5f9edc4003649ac8d033073be547387683eb7dca56585a3245da322a13bebe828260a7080411336db9e14e6d2df803df0ffc51fa4252678c79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcabf3fc5bc1f5608468b642cbc517f1

SHA1
58ce31386610b26332ce1c88d01163a14da9752d

SHA256
7745af792ebdbce7feeac317dcd6a505cb790921c618f1fdc7c4edeccabedcfd

SHA512
0f559507aca964f833997cc6f0611a66271c5b0ff97119bdcc5ce4b4807830a1bb1f8f903c9fd774fa93f8b0f001127f5f30384f3031cd76f4bd9ec82b90ff8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba5426e54a393f0556f0ebb3c5bd03aa

SHA1
76351b8beef725a1a6fe1e00d2631a0cb067de13

SHA256
660114a61f79079fdd612d5705a100122d374ae49037e047f48fb08aa57a6126

SHA512
f02113e96263a5230442060e7fda211e38c37a0c48ba3f7e2e16542989daf53250da18ac020071b232a71155d695d79e6a7c550e8a86a5afff0026f209761d27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee202bb8b8d3e2de84e9cd4a0881cc8d

SHA1
9acc0a0829a40d24d33d527a698c73a0d9c8df27

SHA256
9ca8a083a617a84aafb96e3d9d18df565c02ce11382d139e4bbec1b685dea2fc

SHA512
d9dd2d6b0442000cf811f05c6277bdc199b33244a0e13a101ba520cfcf25a74c40863be2379c90d18bfc9a1892e0ec92c4811ec2e680112fad42b9699af37599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f6e469ada51e32e015bef61b6e24339

SHA1
5d38a96c3bd440431fe5f00064f7f24f8364ec24

SHA256
d3882c16bd10c1e7eac1aeb69ed1592f125ef46fae0c3ef52a9cfd43e9d7b17c

SHA512
3e536d3b16d1dd0d21ce5af46dba1c3e6a88549d76528a50aa84aee631eaa25499d7f9a11e64d0327c78fab669dd9bbd160df7d53511d1a28b0cb63a4bd37041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69bf03b6befe05b4322d8bfa484ffd93

SHA1
a79559552fcb07bf85152a4c8d39b4d5fcff46d8

SHA256
8c517f3d299bbb20e24b9d5eda4ef749334de6f4fa45193793653b8a35c859bd

SHA512
4cfb20e3d0b7275cb8fc998b46ed21000ea4aee0a2326553f196f301a6921c898050ca42105344ef87a31ced094301fb58e7587190643446688c66709a1d1045

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c09e793967b5dfb3500c2ba5fc3aed0

SHA1
d69d709cd8cfe9fd645fd15c2f4548225f9ca82a

SHA256
1eaabe07475e8fc6e6c543ae45f09f5f87d351bbfb19e2d59dc29b9b90f24954

SHA512
bd843a9c6e19113bf74b3d68fce109c10704ace66d9fad71588801a8e07587a1a8be484808532b4dacd3d6f3ac1b634b358e65a528022eaff41fef31d1201103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
769ed502d34db8394a37e9353e8e71d1

SHA1
035bf50d87a101d470428bd00cf970a88dd2c361

SHA256
6630874c9ddd9b9a2b9903482e7c6fa76cda28babbf614407a7a64d8c240ead6

SHA512
d9edfcf963b30dd5265ad0fecaba8cd1b6225688fe6d7a8a77717dd1ad8769729f738d30a3ec149cab264bdfce728408291ba0c180331125423d772c7c98c730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97337596f92b57035992b59f51292b7a

SHA1
439aa864913454cf6c9ea971207def2ab433a40d

SHA256
724247f1ed42c367ce2fec14542717a4eb434436341a2667cd118cef0486efdb

SHA512
31f67abc48141ca5375956a73d812fe318da7b3fad1f0914df3d4a6a9dbd343e5dc3da9c53f69b9bc6bfb9c6f9d74c359ee2f5e140d344a7852219d318cb9423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac9a337d609dc35ee24b681c2110881f

SHA1
eaa1adc1c503e7ed033abb175e161f1fc67fa386

SHA256
c2025e7f297c7ca32803d8b9ae61752349f59eca6c012caf9ab9bda3cc49be0d

SHA512
5b4305a0c7e8b2e01a18547c7b292db38108a612ad529b835e47298305863133a4ab36d9f1b3506c160fade74dec1225879216613ec10d397c4348498866d89f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a3b864b008da3f6e69079b580fd5794

SHA1
ffb7bc6fc298be36df8ed32a0b5c0273af9f084b

SHA256
7e11b637a762ab4dcfd58d2e45e1f142724f481fb288de7e31749a0a66eec66d

SHA512
d0ddc6dce0447c720842a3a81cfa45f1a2392c264e7f5e7d35887d7313748e8fa03679fd0aff524f5afd6d5ccf1d72e3f7d23938041243deeb9b2eb75d184a17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
650287d3115ad2b14179f513e1f427a4

SHA1
d801312b3652f521831c44cdf2b6e25404336bdb

SHA256
1e4cd2140eb7787333ddd1516db2237d5002d09d64e29bc3292517fc268ae15e

SHA512
6f330810411601672f70d144d33379cae44c55c7aed7020d98403f473bbde26a7fd8362ceb8fa1f87799296236db1c85fc88b7aa0de7896e06d7e36bb3bd5a4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4DB5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe.config

Filesize
6KB

MD5
0a86fa27d09e26491dbbb4fe27f4b410

SHA1
63e4b5afb8bdb67fc1d6f8dddeb40be20939289e

SHA256
2b6d99db8369b0ff6372737d89d1c9e4101815b4168a3852c7b513f2897e7f3d

SHA512
fbebc4dc0925d5d67271cac04c1ed324091442ef4c9f6243d2c1c523c9aa6b338c6a594e4987fc142dd3b2a023338a267c8a3454e47fbf0b3e0dbd7b3b65cc0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4DD7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/3048-6-0x0000000074A70000-0x000000007515E000-memory.dmp

Filesize
6.9MB

Download
memory/3048-0-0x0000000074A7E000-0x0000000074A7F000-memory.dmp

Filesize
4KB

Download
memory/3048-2-0x0000000000430000-0x0000000000476000-memory.dmp

Filesize
280KB

Download
memory/3048-3-0x0000000074A70000-0x000000007515E000-memory.dmp

Filesize
6.9MB

Download
memory/3048-4-0x0000000000790000-0x00000000007B6000-memory.dmp

Filesize
152KB

Download
memory/3048-5-0x0000000000840000-0x000000000085E000-memory.dmp

Filesize
120KB

Download
memory/3048-11-0x0000000074A70000-0x000000007515E000-memory.dmp

Filesize
6.9MB

Download
memory/3048-1-0x0000000001140000-0x00000000016AC000-memory.dmp

Filesize
5.4MB

Download