Overview

overview

8

Static

static

3

Roblox Acc...er.exe

windows10-1703-x64

8

Analysis

  • max time kernel
    61s
  • max time network
    62s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/08/2024, 03:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Roblox Account Manager.exe

  • Size

    5.2MB

  • MD5

    a057fae0c8c97ee6cf2c12fb7bcf034d

  • SHA1

    64fe0eb242b5c3f9c42f4f2c1685e4a36708e4f6

  • SHA256

    cdb0a360cca7a5099c2d2357be1a833e032ffdeb3f467a6fac845f6bb77031c9

  • SHA512

    447cf69cf39ef19d098f4ab223d6ad9d760efb1eabb1bb0dac27fd2e55ac14c5a6502f2edd00b199d2db702e38551065bcc087c8df931360e769443908a4d200

  • SSDEEP

    98304:b2bT1Qm7d9GP4i7q0LTWgtUmWzmSyZs9S8Z/LywnrSkqXf0Fb7WnhNMYkj7:4Qm59q/tUhzmS9zZ/mY+kSIb7ahNMYk

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
    "C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3080
    • C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
      "C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe" -restart
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Users\Admin\AppData\Local\Temp\Auto Update.exe
        "C:\Users\Admin\AppData\Local\Temp\Auto Update.exe" -update
        3⤵
        • Deletes itself
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1708
        • C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
          "C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4620
          • C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
            "C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe" -restart
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3620
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2756
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:4236
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1016
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3796
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:1812
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:220

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Roblox Account Manager.exe.log
          Filesize

          1KB

          MD5

          6893de3a750c600fa731af8f533c2573

          SHA1

          9ced51fd6aee52b06d510c283863a80c186cc33b

          SHA256

          c8ccbfb0c65508a5d4902f8bd6f631de2748609dd5886423f1b40d82cb5e346b

          SHA512

          868e12b011ceefc0eab1a043788ea1a24716394e37decb25990935806528e0db8d311b2f014d09d517f9f0fc5d5ad8f4e20d1579a434626fa0cb6ac77acbfac2

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CD5S58SV\ca-ae3ce4[2].css
          Filesize

          167KB

          MD5

          b7af9fb8eb3f12d3baa37641537bedc2

          SHA1

          a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4

          SHA256

          928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71

          SHA512

          1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CD5S58SV\gpc-data-sharing.min[1].js
          Filesize

          217B

          MD5

          0554032e1c38be8a9d0a4a5c6973ce43

          SHA1

          20c98add41d2cef29274560bb357884c40a72523

          SHA256

          cc8c32e30e08c43092c6ad4317b18c2d0a8f425bcc9de7bb5965384f9fc3f16e

          SHA512

          fa13e128442c5aac2f2c1e142f66376dfd3daa6c015e040ac64a7dcbf11d911844fe53dcfdaddcb621e2b9df6f9f4fbbd197d604da25ab01a4cf5a1eb73df024

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N9TWZQ1B\analytics.min[2].js
          Filesize

          2KB

          MD5

          38b34dd10999b35d3ea49d72d442d61b

          SHA1

          9f448f4af683e7359906f603bb2cbba37148d721

          SHA256

          b8129c1b9a7b8a1467493c917ed1d007f7297a58a4ebc09ac73d958e28969ad1

          SHA512

          cd30aeec91fb944644236665b19aa5e34371b75e76a310bfcab80e2e0528a0363f15865f54e26b4f58f8c3e313f716adbce6b720e50b332c227f994fdd973e5f

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N9TWZQ1B\cda-tracker.min[1].js
          Filesize

          797B

          MD5

          4224409739020ba30e3752c0d1f273d0

          SHA1

          54980ee9df0ef712048572c80dc8d70710178538

          SHA256

          a840f2b9595bf4deab839d5eb1ce4b8f7c93576db27a62e7428920825b151f5a

          SHA512

          1cbf209bfbf939713608be74eb2aaa788d250dacc40349ef10ee50074c62c47d1c0b2ad2d4a88d23a9b81e2059843e2add2f867ea98daef3d7f19b7643765c4b

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P0YCEOVA\general.min[1].js
          Filesize

          169KB

          MD5

          49b237e0e1b4d7f8e79eef67df8fc31b

          SHA1

          e84b25d606a998921900c18808ac1c1a727a0640

          SHA256

          c935dcc9f529f434237f4b507263236cd1fe9ee650735946a55a7f0c4f366018

          SHA512

          0c22d53148b3ca147f69e47ad156e906b7a7d5cbea402b3c77a37f42c5abdc060add4c6b6c56066893aa6b67af461b9aca1d43ed7f1243acf28df225a7d7b343

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P0YCEOVA\main.min[1].js
          Filesize

          36KB

          MD5

          99e112166fce2620aaa9cfa8d175a306

          SHA1

          5854df9bfbfdc035535ccf4774fabe04e56ef45b

          SHA256

          18c1c45e4ac4d0c02a1510be7de55ec533ee139225f7dbb279cc3035a9a99264

          SHA512

          95669ae20406f5f30a4b3ca3ee860d473bb2afa337e1c304db3a342e1c82d2513145c65d3f9cadcbf69ec2d508455817469726279502e5b91a9f8756a06c6ec9

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U0A7OFBS\bootstrap-custom.min[2].css
          Filesize

          232KB

          MD5

          68455c141226e4fe7137573fc038bf9d

          SHA1

          afa6d311a7b3e0c93a14c6f92d85fd6984a78b17

          SHA256

          d51b5112a562cc707e889ce669a0e5be8d84fd47d314dc669584b615219249ae

          SHA512

          24b2efb25a3e7007d9594800923d6e9aa3843c5ecc44412a7ac7551859995b271596539f71485ceef05ca442c7e8b1bf6f770aa960d524ecba1a12489d452138

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U0A7OFBS\cookie-consent.min[2].js
          Filesize

          2KB

          MD5

          e8461b5f6a92c484b9b77ae2e5f0cd06

          SHA1

          0aa93613cb84f76a7a8038566ae39d4ff7e03288

          SHA256

          6f511e4c5d44853453d6840704ba07a04e06d47011f74920d76b6c580fe6123e

          SHA512

          9fd5584edba7db6c3e6ffddba32164ef689c873263e980f6de40d1f8dfa9b081b29080425e03156ccf13da3aa90240155408b63a8442a5365139dcae8803a467

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JVAKH2I5\dotnet.microsoft[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YWB9FC16\favicon[1].ico
          Filesize

          161KB

          MD5

          8565042b6db20c23647202bf4b95f11b

          SHA1

          9f0829cb3ceef14ac10e0b66338d8b7243a09101

          SHA256

          dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969

          SHA512

          dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\77wm0hv\imagestore.dat
          Filesize

          64KB

          MD5

          9345c2f593b2c92f058b46b6da7f7f7d

          SHA1

          f3504d1905ff75c69e24acbcea7436b155b8ac62

          SHA256

          6ad646cec7e5e0133dd7770b37056e6cce6effdf51833649243371c85fecd4eb

          SHA512

          5b6fde1ded77543f0c3311025a68fe43c896428036fa9faa5c82602e30bd322cd91dbda081f434f7613102f456368aab11a3de13357adf9ce196bfd2ce2d47fe

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CD5S58SV\RE1Mu3b[1].png
          Filesize

          3KB

          MD5

          9f14c20150a003d7ce4de57c298f0fba

          SHA1

          daa53cf17cc45878a1b153f3c3bf47dc9669d78f

          SHA256

          112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

          SHA512

          d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CD5S58SV\ms.analytics-web-4.min[1].js
          Filesize

          153KB

          MD5

          8c0374ae846cf06e4448a785fda96d93

          SHA1

          1e668e9c6264e7cd07f32d1884dab3a699527287

          SHA256

          ecb0bf38c5c4e4e1d00ee2131e694c2a62b5be0e8d398129be1799b831ce6137

          SHA512

          3815a689ddec2c25a6ccf6f9bf114fd773fc07d9a89e7cbf29db94cd4fe02c0f4298a1628181feb5e9510ac7afdf11f21e6f620b5b5a82a2233209f962320da6

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CD5S58SV\mwfmdl2-v3.54[1].woff
          Filesize

          25KB

          MD5

          d0263dc03be4c393a90bda733c57d6db

          SHA1

          8a032b6deab53a33234c735133b48518f8643b92

          SHA256

          22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

          SHA512

          9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N9TWZQ1B\culture-selector.min[1].js
          Filesize

          1KB

          MD5

          a7d39d299ede945b34ebb570580d6686

          SHA1

          a1d32e04c5a0d72978dbb6ae531ceb9ef319e225

          SHA256

          e84d57bf859a256815362f36a4ff7f5ee6ba1dcfd02d8ac02673353fdd0a0ff1

          SHA512

          c6a619dcd8b7e07d5491c9963a89f4fcc9d48e3fb14dbac57f0470988b48eb378224966b094c3cdbff4689674c49d6fd51fd0ec6c031d6902f8f2bc9154d4355

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N9TWZQ1B\space-grotesk-v12-latin-700[1].woff2
          Filesize

          11KB

          MD5

          514360ed1b78e71aabe58ecd08f36706

          SHA1

          1062c179ea2f74b5db67f9d7822c556ed25637dd

          SHA256

          751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

          SHA512

          1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N9TWZQ1B\wcp-consent[1].js
          Filesize

          272KB

          MD5

          5f524e20ce61f542125454baf867c47b

          SHA1

          7e9834fd30dcfd27532ce79165344a438c31d78b

          SHA256

          c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

          SHA512

          224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P0YCEOVA\2b-8e0ae6[1].js
          Filesize

          134KB

          MD5

          b9c3e4320db870036919f1ee117bda6e

          SHA1

          29b5a9066b5b1f1fe5afe7ee986e80a49e86606a

          SHA256

          a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48

          SHA512

          a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P0YCEOVA\theme-toggle.min[1].js
          Filesize

          3KB

          MD5

          5eb247cbcbf666e2517e5f1256b52b5c

          SHA1

          d74454d4cba8f1c1aa8270ab092111ec63e69594

          SHA256

          e02f294b19ef5b7a0421ab25a055738f6f4baabaffb3030132ff08121a338459

          SHA512

          b3f7889850da89185ff6e48675d0e52f3550561c2b4ec6502a67fc06451846a51e47f4d16ae15f351998cf2592292c1f4fb455dcc9756a3b19a79e281afa24f4

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U0A7OFBS\ai.2.min[1].js
          Filesize

          120KB

          MD5

          30f39ae5d1d05a439046a7640510b486

          SHA1

          716efa29594edae8832bb8b12e7fb19bc06e06fe

          SHA256

          bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136

          SHA512

          f67fdafca801746226acb9d2ef6d90070dd1d8a5a08bcb5dd1c94631f1559373c56d9796a5633cac03e1a5a384cf01d60c080a6ef16cea4b52aaa93ed364b55a

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U0A7OFBS\footer.min[1].js
          Filesize

          376B

          MD5

          33eb53d99fb8b6b0fc16b035559b20d5

          SHA1

          db024d172c6623da9c65ace778c802bd46a4f043

          SHA256

          0aa837fa8bbdc8d87bda9c64ca64732fdf87d85e2f8768b2220e1e03ab48df42

          SHA512

          6575c35d99efb1671b1083165e10a04ce93bd715cb1165af5964d9051dff1c5ec0e86b51487ee51eac4e62807182de5677467475f3588dbfefbab42f1e79e51b

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U0A7OFBS\open-sans-v34-latin-600[1].woff2
          Filesize

          16KB

          MD5

          603c99275486a11982874425a0bc0dd1

          SHA1

          ffeb62d105d2893d323574407b459fbae8cc90a6

          SHA256

          4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

          SHA512

          662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U0A7OFBS\open-sans-v34-latin-700[1].woff2
          Filesize

          15KB

          MD5

          e45478d4d6f15dafda1f25d9e0fb5fa1

          SHA1

          52cb490cd0ee4442ede034085cda9652b206f91c

          SHA256

          d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

          SHA512

          2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U0A7OFBS\open-sans-v34-latin-regular[1].woff2
          Filesize

          16KB

          MD5

          e43b535855a4ae53bd5b07a6eeb3bf67

          SHA1

          6507312d9491156036316484bf8dc41e8b52ddd9

          SHA256

          b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

          SHA512

          955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JVAKH2I5\dotnet.microsoft[1].xml
          Filesize

          83B

          MD5

          befe58dafd28fde94f75087b8342ad46

          SHA1

          1e80aaba87285d82725e010e234d4f1d00a88f03

          SHA256

          29d6fcc317482d9f432a8362deaba4ddaa0ed615bba5f9ca15c6e8846ba60331

          SHA512

          233b00e8ffaa17cf57c342b092c01dfdcf09472feee991a47817e3df3b87b3292c3aacbad9ec0888eb5c7a2909edb26ef171b22810649eae3e69bea5646b037c

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C389FD106AACA95B265CC81A85B3522B_B01925B2B46F5058A43DABB371773EE2
          Filesize

          1KB

          MD5

          123c331b9e54f550214da71175d542dd

          SHA1

          fd8acdfdb55fd1506057e38c492940e56aac780f

          SHA256

          1d784a7cf2b23f19e6dfd6c24bdb0ad69c51f8a2c52fa7f53e8d8ead2be879e1

          SHA512

          7a5aad99f1471c8d62f003f6bed3cf7fb90b4b50b20c65cf3ff195b14b3851e4ffa9034e8603a29fe4dd8bd5e67d3499565b1f7a89a55a396edc2e19de866ca2

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
          Filesize

          471B

          MD5

          e531567acf604fa1e9d9b8667a8f74c8

          SHA1

          4188dd9336616e684c107a8efcb19774a2a88943

          SHA256

          543665a0e6ef9c6fc073139cf7ef2e7e27b0cd4590cf5bdd41ff6f6307675e77

          SHA512

          58cc26e79eacc74a44d43efd04f00d85610a1cf66af7b11b72b55a474ec2c4149b64d30e03c5505b48fa9d45fc81968344077963bca4d631a70e7f089de9f04c

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
          Filesize

          471B

          MD5

          c62d5fa8784ef9cc8d5f16d88536ffaa

          SHA1

          842f305cb9bcf946df34590fe7166cc33a84a658

          SHA256

          584573c84bb7f86a6f6ba317f3342c60e35ee2b3dcbbe811aa4e9e723127dc94

          SHA512

          bd95d73371cdade68758f7ee59ea1c737e07ff277ac5a094a93685e1dfcc86d1a5ceb813eed223b0dbf28e1088623289782d641f777d99cf77bcf8e03c5a2f92

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
          Filesize

          471B

          MD5

          21ee8b763f116b6258448518f6728bbd

          SHA1

          f7b88698af990fb58f35c6cd956591527137cbcf

          SHA256

          c2b68452648dd673f6f1869232c44d1473d38d7102f92e84d28dc1793cf390e7

          SHA512

          09f947c11cc84514f65c82ab46b03fdf6236835de184ed6c6fb7c7de3c725ad5e5abba5cb2981ebf3f0c5eadeef85fd79a9343b967716c15b3e0ae0b0ddbb952

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C389FD106AACA95B265CC81A85B3522B_B01925B2B46F5058A43DABB371773EE2
          Filesize

          564B

          MD5

          dc96acf5d6f1fbd78158a39e23bff549

          SHA1

          b4204684f31b3a363484a5514f3a1e098b0a924a

          SHA256

          07594ebe0c1ee3697550d7d1ca158e0d093beba2f7b24da68a825af63f594c5b

          SHA512

          9b048fe25aa3489663f97f0e69f5e95dd76c8c8cf19dbfbc57ce180767f24c9201cf7ba0aef62f609a91eed3325887644acd3a2acdca6ac35058502f79b6366f

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
          Filesize

          412B

          MD5

          d675b321f774e5f09b1a51b9b17ae67e

          SHA1

          837b4ae3e066fbab5da80f24924c438b821c7d08

          SHA256

          12428affae6e7115f2d1da3c3bbba6e8b69598c79c9f6179e42ca1625119185d

          SHA512

          c5c11759f7fdee58c2eff9ef56066e64289783bc0c3a5872c12205baaf3569d58b9dce8356d0020929e3cb14ccba5f79054978791da5b8a38e2a36ab5cb86ef2

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
          Filesize

          412B

          MD5

          0dcf09d3b79f3eb9dbb4b0c4ba4b82d2

          SHA1

          049dee98f9804a57b1333d5d72b2cb999ce2092c

          SHA256

          c5a39c2bd752725d6f1870719286582a136a94c8a2ba63366039acb078c6b60b

          SHA512

          a956a25b32ebb40ea92a7a55dcf5fead2765c9b31596a5e0e34e668f78c4c8caea618d7e000caa86a00de020601a5c76b3a4859a7e4bc0846d02bb312adff670

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
          Filesize

          412B

          MD5

          9ae690c8f28f7334f5d90585ed59a3b9

          SHA1

          dcad08abb9e74b1fb1e76ad156f4cf08db374299

          SHA256

          d8743decd76611049343cc6f8a1c539ee1404944612b293076bbf8641ecbb8e2

          SHA512

          5d5213ab86d52f2fd4a320dd2183a93861cc3ead27bef580bf2e6d37ec25114f34b616b9b03d35714af228370270e6389e43ed0c161afe21bb100992c83bbac2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Auto Update.exe
          Filesize

          5.2MB

          MD5

          a057fae0c8c97ee6cf2c12fb7bcf034d

          SHA1

          64fe0eb242b5c3f9c42f4f2c1685e4a36708e4f6

          SHA256

          cdb0a360cca7a5099c2d2357be1a833e032ffdeb3f467a6fac845f6bb77031c9

          SHA512

          447cf69cf39ef19d098f4ab223d6ad9d760efb1eabb1bb0dac27fd2e55ac14c5a6502f2edd00b199d2db702e38551065bcc087c8df931360e769443908a4d200

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RAMTheme.ini
          Filesize

          314B

          MD5

          f18fa783f4d27e35e54e54417334bfb4

          SHA1

          94511cdf37213bebdaf42a6140c9fe5be8eb07ba

          SHA256

          563eb35fd613f4298cd4dceff67652a13ba516a6244d9407c5709323c4ca4bb1

          SHA512

          602f6a68562bc89a4b3c3a71c2477377f161470bf8ae8e6925bf35691367115abfa9809925bd09c35596c6a3e5a7e9d090e5198e6a885a6658049c8732a05071

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
          Filesize

          5.4MB

          MD5

          334728f32a1144c893fdffc579a7709b

          SHA1

          97d2eb634d45841c1453749acb911ce1303196c0

          SHA256

          be9ddcdedf8c36c64e6b0a32d2686b74a112913c54217ccaa46675bfd1dc82f1

          SHA512

          5df9d63136098d23918eba652b44a87e979430b2ce3e78a3eb8faef3dd4bd9599d6c31980f9eaf2bd6a071e966421bc6cec950c28b3b917f90130e8a582c2a1f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe.config
          Filesize

          5KB

          MD5

          7e067afe7c779870c370c40240e2ce1f

          SHA1

          71d59901ee26810c2b2cfdeca176cec9a54fdb48

          SHA256

          5e0ba1895cf088e6d6907b8abbd8cd41c86f39cc642351a9ab0bf458bf1f5b31

          SHA512

          7ae4e81cd7a06aca5c363e1009d898aa8b42236d6796c38a8ba07adb52eae45f69cd446d008a0e1d12c60c02a43bee1c813231d58884c6dd69a2967e243c9cc6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe.config
          Filesize

          6KB

          MD5

          0a86fa27d09e26491dbbb4fe27f4b410

          SHA1

          63e4b5afb8bdb67fc1d6f8dddeb40be20939289e

          SHA256

          2b6d99db8369b0ff6372737d89d1c9e4101815b4168a3852c7b513f2897e7f3d

          SHA512

          fbebc4dc0925d5d67271cac04c1ed324091442ef4c9f6243d2c1c523c9aa6b338c6a594e4987fc142dd3b2a023338a267c8a3454e47fbf0b3e0dbd7b3b65cc0d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\log.txt
          Filesize

          142B

          MD5

          800d46f92f67b93090396403ce161f3f

          SHA1

          c6708e51f97ae1318a7e8328d95b3632bb9f0ed9

          SHA256

          dd22c601bb75b550e4c23cec49d8d825c59682a8b52950d6732345e3e45e3eaf

          SHA512

          97fcdf836b63a074838f66b5fb65176b5df6ea2c6d598d0102c3f747024714ea927e3bf1167353ce0b0a55ed7b3fb858abaf188711c96b19bb48ce32adaa63c3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\log4.config
          Filesize

          936B

          MD5

          e4659ac08af3582a23f38bf6c562f841

          SHA1

          19cb4f014ba96285fa1798f008deabce632c7e76

          SHA256

          e4b10630d9ec2af508de31752fbbc6816c7426c40a3e57f0a085ce7f42c77bd5

          SHA512

          5bfa1e021cc7ee5e7a00da865d68684202b3b92d3d369b85b80c591fffa67725d434398325dc1e37c659eab62c0a4118b3e279ac0096b95790d252ceb6254249

          Download Submit

        • memory/220-356-0x000001E1BF9F0000-0x000001E1BF9F2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-415-0x000001E1C0A90000-0x000001E1C0A92000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-364-0x000001E1C07F0000-0x000001E1C07F2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-368-0x000001E1C0930000-0x000001E1C0932000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-494-0x000001E1C5400000-0x000001E1C5500000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/220-354-0x000001E1BF9D0000-0x000001E1BF9D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-499-0x000001E1AEBB0000-0x000001E1AEBD0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/220-358-0x000001E1C0770000-0x000001E1C0772000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-360-0x000001E1C0790000-0x000001E1C0792000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-504-0x000001E1C0EC0000-0x000001E1C0EC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-362-0x000001E1C07D0000-0x000001E1C07D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-366-0x000001E1C0910000-0x000001E1C0912000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-446-0x000001E1C1300000-0x000001E1C1320000-memory.dmp

          Filesize

          128KB

          Download

        • memory/220-447-0x000001E1C1360000-0x000001E1C1380000-memory.dmp

          Filesize

          128KB

          Download

        • memory/220-418-0x000001E1C0AE0000-0x000001E1C0AE2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-435-0x000001E1BFAC0000-0x000001E1BFBC0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/220-352-0x000001E1BF990000-0x000001E1BF992000-memory.dmp

          Filesize

          8KB

          Download

        • memory/220-393-0x000001E1C1670000-0x000001E1C1770000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/220-349-0x000001E1BF970000-0x000001E1BF972000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1708-48-0x0000000009F00000-0x0000000009F12000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1708-49-0x0000000009FA0000-0x000000000A016000-memory.dmp

          Filesize

          472KB

          Download

        • memory/1708-55-0x000000000B910000-0x000000000B92E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/1812-466-0x0000024F68940000-0x0000024F68942000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1812-434-0x0000024F6B9C0000-0x0000024F6BAC0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1812-584-0x0000024F69680000-0x0000024F696A0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/1812-384-0x0000024F696A0000-0x0000024F697A0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1812-500-0x0000024F6E190000-0x0000024F6E290000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1812-492-0x0000024F69B60000-0x0000024F69B80000-memory.dmp

          Filesize

          128KB

          Download

        • memory/1812-463-0x0000024F68930000-0x0000024F68932000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2184-25-0x000000000B380000-0x000000000B38A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2184-35-0x000000000C4D0000-0x000000000C4EA000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2184-24-0x000000000B750000-0x000000000B7E2000-memory.dmp

          Filesize

          584KB

          Download

        • memory/2184-19-0x0000000006410000-0x0000000006484000-memory.dmp

          Filesize

          464KB

          Download

        • memory/2184-15-0x00000000736E0000-0x0000000073DCE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2184-20-0x00000000065B0000-0x00000000065BA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2184-22-0x00000000736E0000-0x0000000073DCE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2184-16-0x00000000736E0000-0x0000000073DCE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2184-30-0x000000000BE20000-0x000000000BE78000-memory.dmp

          Filesize

          352KB

          Download

        • memory/2184-32-0x000000000BE90000-0x000000000BF42000-memory.dmp

          Filesize

          712KB

          Download

        • memory/2184-33-0x000000000C0A0000-0x000000000C0C2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2184-46-0x00000000736E0000-0x0000000073DCE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2184-23-0x000000000B100000-0x000000000B134000-memory.dmp

          Filesize

          208KB

          Download

        • memory/2184-34-0x000000000C210000-0x000000000C2CE000-memory.dmp

          Filesize

          760KB

          Download

        • memory/2184-38-0x000000000D820000-0x000000000D82A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2184-37-0x000000000D7F0000-0x000000000D7F8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2184-36-0x000000000D800000-0x000000000D808000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2756-106-0x000001BD47E50000-0x000001BD47E52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2756-87-0x000001BD48E20000-0x000001BD48E30000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2756-71-0x000001BD48D20000-0x000001BD48D30000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3080-5-0x0000000005470000-0x0000000005502000-memory.dmp

          Filesize

          584KB

          Download

        • memory/3080-4-0x00000000736E0000-0x0000000073DCE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/3080-3-0x0000000005380000-0x00000000053C6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3080-0-0x00000000736EE000-0x00000000736EF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3080-14-0x00000000736E0000-0x0000000073DCE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/3080-6-0x0000000002DF0000-0x0000000002E16000-memory.dmp

          Filesize

          152KB

          Download

        • memory/3080-7-0x00000000053D0000-0x00000000053EE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/3080-2-0x0000000005880000-0x0000000005D7E000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/3080-1-0x0000000000430000-0x000000000096E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/4620-64-0x0000000005CE0000-0x0000000005D26000-memory.dmp

          Filesize

          280KB

          Download

        • memory/4620-63-0x0000000000F10000-0x000000000147C000-memory.dmp

          Filesize

          5.4MB

          Download