Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-11-2023 14:03

General

  • Target

    https://github.com/RxAmine/Robux-Gnerator/blob/main/Robux%20Gen.exe

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1136675258284380250/XsmDgKBgsNiA2B5tW_DmJKvdd78O8pRCojZ5RKqNpWedvXxoJGZDSvC4YwRZiQID2nkO

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 3 IoCs
  • Downloads MZ/PE file
  • Looks for VMWare Tools registry key 2 TTPs 3 IoCs
  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 6 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 15 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/RxAmine/Robux-Gnerator/blob/main/Robux%20Gen.exe
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff8ecc946f8,0x7ff8ecc94708,0x7ff8ecc94718
      2⤵
        PID:4844
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2404
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:3816
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
          2⤵
            PID:3432
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
            2⤵
              PID:1248
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              2⤵
                PID:2808
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
                2⤵
                  PID:3308
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3288
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5604 /prefetch:8
                  2⤵
                    PID:4368
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
                    2⤵
                      PID:4900
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 /prefetch:8
                      2⤵
                        PID:2860
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 /prefetch:8
                        2⤵
                          PID:4528
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3184
                        • C:\Users\Admin\Downloads\Robux Gen.exe
                          "C:\Users\Admin\Downloads\Robux Gen.exe"
                          2⤵
                          • Looks for VirtualBox Guest Additions in registry
                          • Looks for VMWare Tools registry key
                          • Checks BIOS information in registry
                          • Executes dropped EXE
                          • Maps connected drives based on registry
                          • Checks SCSI registry key(s)
                          • Checks processor information in registry
                          • Enumerates system info in registry
                          • Modifies system certificate store
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2824
                        • C:\Users\Admin\Downloads\Robux Gen.exe
                          "C:\Users\Admin\Downloads\Robux Gen.exe"
                          2⤵
                          • Looks for VirtualBox Guest Additions in registry
                          • Looks for VMWare Tools registry key
                          • Checks BIOS information in registry
                          • Executes dropped EXE
                          • Maps connected drives based on registry
                          • Checks SCSI registry key(s)
                          • Checks processor information in registry
                          • Enumerates system info in registry
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1312
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1940
                        • C:\Users\Admin\Downloads\Robux Gen (1).exe
                          "C:\Users\Admin\Downloads\Robux Gen (1).exe"
                          2⤵
                          • Looks for VirtualBox Guest Additions in registry
                          • Looks for VMWare Tools registry key
                          • Checks BIOS information in registry
                          • Executes dropped EXE
                          • Maps connected drives based on registry
                          • Checks SCSI registry key(s)
                          • Checks processor information in registry
                          • Enumerates system info in registry
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4592
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
                          2⤵
                            PID:4156
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                            2⤵
                              PID:2152
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                              2⤵
                                PID:5196
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                                2⤵
                                  PID:5204
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13592495809469022896,16665690049207173241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3912 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:6132
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1144
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3284

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\933f5805-3c0f-4e80-a985-d952526d40b6.tmp

                                    Filesize

                                    5KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

                                    Filesize

                                    42KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    1KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    111B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    579B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                    Filesize

                                    24KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                  • C:\Users\Admin\AppData\Local\Temp\login.db

                                    Filesize

                                    46KB

                                  • C:\Users\Admin\Downloads\Robux Gen (1).exe

                                    Filesize

                                    42KB

                                  • C:\Users\Admin\Downloads\Robux Gen.exe

                                    Filesize

                                    42KB
