Analysis Overview
Threat Level: Known bad
The file https://download2351.mediafire.com/sm24pq2ja12gIkr6ANd8hBZBtzNvbL86ofmt2oH2-Bca2Feuo9B9ty1_sfgZfevMA1tlE5DrWc1TLEWTIT4ghzJoNjJO3vIASD0VQxrX7iOjjrAveXppvuFUucQHB2mrHV6vE1_NlpqF1tcHIJW6ezMSRaYF2bp3xnk-iYG0fez5/wl9moebaudqauqv/ROBLOX+Cheat.zip was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Suspicious use of SetThreadContext
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of SetWindowsHookEx
Checks processor information in registry
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 04:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 04:44
Reported
2024-02-23 04:47
Platform
win10v2004-20240221-en
Max time kernel
150s
Max time network
125s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4424 set thread context of 4708 | N/A | C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\ROBLOX Cheat.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://download2351.mediafire.com/sm24pq2ja12gIkr6ANd8hBZBtzNvbL86ofmt2oH2-Bca2Feuo9B9ty1_sfgZfevMA1tlE5DrWc1TLEWTIT4ghzJoNjJO3vIASD0VQxrX7iOjjrAveXppvuFUucQHB2mrHV6vE1_NlpqF1tcHIJW6ezMSRaYF2bp3xnk-iYG0fez5/wl9moebaudqauqv/ROBLOX+Cheat.zip"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://download2351.mediafire.com/sm24pq2ja12gIkr6ANd8hBZBtzNvbL86ofmt2oH2-Bca2Feuo9B9ty1_sfgZfevMA1tlE5DrWc1TLEWTIT4ghzJoNjJO3vIASD0VQxrX7iOjjrAveXppvuFUucQHB2mrHV6vE1_NlpqF1tcHIJW6ezMSRaYF2bp3xnk-iYG0fez5/wl9moebaudqauqv/ROBLOX+Cheat.zip
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.0.1094134459\279263198" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1896 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7efb5d8-d857-4286-bf8f-2db5226656a3} 960 "\\.\pipe\gecko-crash-server-pipe.960" 1996 18f7f2dda58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.1.188145731\1146697741" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c11c48df-56ed-4683-9797-af6187f959fc} 960 "\\.\pipe\gecko-crash-server-pipe.960" 2420 18f7f1e8258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.2.1473418434\1855484653" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efc82ba0-aa55-46b5-b4ab-f558b4f57b85} 960 "\\.\pipe\gecko-crash-server-pipe.960" 3132 18f05aafb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.3.273332992\1374277940" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f6854d-2986-4cc7-a1d6-81f50298ea03} 960 "\\.\pipe\gecko-crash-server-pipe.960" 3660 18f06f78d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.4.1729973117\1922866255" -childID 3 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 26340 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d93784a-6ea0-4d41-8199-ef0894ca2553} 960 "\\.\pipe\gecko-crash-server-pipe.960" 5128 18f08c14858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.5.1339338862\722464311" -childID 4 -isForBrowser -prefsHandle 5140 -prefMapHandle 5276 -prefsLen 26340 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8e784bb-c562-4671-a3d2-0522869fc6b8} 960 "\\.\pipe\gecko-crash-server-pipe.960" 5316 18f08cce258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.6.466250532\542671710" -childID 5 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 26340 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c18f0d7d-28ea-47d6-9699-55607fc8d8cd} 960 "\\.\pipe\gecko-crash-server-pipe.960" 5484 18f08ccee58 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ROBLOX Cheat\" -spe -an -ai#7zMap2388:86:7zEvent19896
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ROBLOX Cheat\manual\Manual.txt
C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe
"C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\datareporting\glean\pending_pings\7ff03738-46a6-4c50-97b1-d566bbd8fdd0
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\datareporting\glean\pending_pings\3b5460d6-c3d4-4e74-9678-4587d26b1682
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\prefs-1.js
C:\Users\Admin\Downloads\ROBLOX Cheat.-1-q1eyR.zip.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\sessionstore.jsonlz4
C:\Users\Admin\Downloads\ROBLOX Cheat\manual\Manual.txt
C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe