Malware Analysis Report

2025-06-16 06:34

Sample ID 240825-k87njsybnj
Target https://www.roblox.com/download
Tags: discovery
Score: 3/10

Analysis Overview

Score: 3/10

Threat Level: Likely benign

The file https://www.roblox.com/download was found to be: Likely benign.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-25 09:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-25 09:17
Reported: 2024-08-25 09:47
Platform: win7-20240708-en
Max time kernel: 1444s
Max time network: 1445s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com/download

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com/download

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:275457 /prefetch:2

Network


Files
